Naval  Postgraduate  School 
Monterey,  California  93943-5138 

NPS-09-02-016 


SUMMARY 

OF 

RESEARCH 

2001 


Department  of  Computer  Science 

Graduate  School  of  Operational  and  Information  Sciences 

LCDR  Chris  Eagle,  USN 
Acting  Chair 

Neil  C.  Rowe 

Associate  Chair  for  Research 


Approved  for  public  release;  distribution  is  unlimited 
Prepared  for:  Naval  Postgraduate  School 
Monterey,  CA  93943-5000 


20030/09  024 


Naval  Postgraduate  School 
Monterey,  California  93943-5138 

NPS-09-02-016 


SUMMARY 

OF 

RESEARCH 

2001 


Department  of  Computer  Science 

Graduate  School  of  Operational  and  Information  Sciences 

LCDR  Chris  Eagle,  USN 
Acting  Chair 

Neil  C.  Rowe 

Associate  Chair  for  Research 


Approved  for  public  release;  distribution  is  unlimited 
Prepared  for:  Naval  Postgraduate  School 
Monterey,  CA  93943-5000 

20030/09  m 


NAVAL  POSTGRADUATE  SCHOOL 

Monterey,  California 


RADM  David  R.  Ellison,  USN  Richard  Elster 

Superintendent  Provost 

This  report  was  prepared  for  the  Naval  Postgraduate  School,  Monterey,  CA. 
Reproduction  of  all  or  part  of  this  report  is  authorized. 


REPORT  DOCUMENTATION  PAGE 


Form  approved 
OMB  No  0704-0188 


Public  reporting  burden  for  this  collection  of  information  is  estimated  to  average  1  hour  per  response.  Including  the  time 
gathering  and  maintaining  the  data  needed,  and  completing  and  reviewing  the  collection  of  information.  Send  comment; 
collection  of  information,  including  suggestions  for  reducing  this  burden,  to  Washington  Headquarters  Services,  Directo 
Highway,  Suite  1204,  Arlington,  VA  22202-4302,  and  to  the  Office  of  Management  and  Budget,  Paperwork  Reduction  P 

for  reviewing  instructions,  searching  existing  data  sources, 
regarding  this  burden  estimate  or  any  other  aspect  of  this 
rate  for  information  Operations  and  Reports,  1215  Jefferson  Davis 
reject  (0704-0188),  Washington,  DC  20503. 

1.  AGENCY  USE  ONLY  {Leave  blank)  2.  REPORT  DATE  3.  REPORT  TYPE  AND  DATES  COVERED 

September  2002  Summary  Report,  1  October  2000-30  September  200 1 

4.  TITLE  AND  SUBTITLE 

Summary  of  Research  2001,  Department  of  Computer  Science 

5.  FUNDING 

6,  AUTHOR(S)  "  - - 

Faculty  of  the  Naval  Postgraduate  School 

7.  PERFORMING  ORGANIZATION  NAME(S)  AND  ADDRESS(ES) 

Naval  Postgraduate  School 

Monterey,  CA  93943-5000 

8.  PERFORMING  ORGANIZATION 

REPORT  NUMBER 

NPS-09-02-016 

9.  SPONSORING/MONITORING  AGENCY  NAME(S)  AND  ADDRESSES) 

Naval  Postgraduate  School 

Monterey,  CA  93943-5000 

10.  SPONSORING/MONITORING 

AGENCY  REPORT  NUMBER 

11.  SUPPLEMENTARY  NOTES 

The  views  expressed  in  this  report  are  those  of  the  authors  and  do  not  reflect  the  official  policy  or  position  of  the 

Department  of  Defense  or  U.S.  Government. 

12a.  DISTRIBUTION/AVAILABILITY  STATEMENT 

Approved  for  public  release;  distribution  is  unlimited 

12b.  DISTRIBUTION  CODE 

A 

13.  ABSTRACT  (Maximum  200  words.) 

This  report  contains  project  summaries  of  the  research  projects  in  the  Department  of  Computer  Science.  A  list  of  recent  publications  is  also  included, 
which  consists  of  conference  presentations  and  publications,  books,  contributions  to  books,  published  journal  papers,  and  technical  reports.  Thesis 
abstracts  of  students  advised  by  faculty  in  the  Department  are  also  included. 

/ 

14.  SUBJECT  TERMS 

15.  NUMBER  OF 

PAGES 

118 

16.  PRICE  CODE 

17.  SECURITY  CLASSIFICATION  18.  SECURITY  CLASSIFICATION  19.  SECURITY  CLASSIFICATION 

OF  REPORT  OF  THIS  PAGE  OF  ABSTRACT 

Unclassified  Unclassified  Unclassified 

20.  LIMITATION  OF 
ABSTRACT 

Unlimited 

NSN  7540-01-280-5800  Standard  Form  298  (Rev.  2-89) 


Prescribed  by  ANSI  Std  239-18 


V 


THE  NAVAL  POSTGRADUATE  SCHOOL  MISSION 


Increase  the  combat  effectiveness  of  the  U.S.  and  allied  forces  and  enhance  the  security  of  the  U.S.A. 
through  advanced  education  and  research  programs  focused  on  the  technical,  analytical,  and  managerial 
tools  needed  to  confront  defense  related  challenges  of  the  future. 


vii 


TABLE  OF  CONTENTS 


Preface . . . . . . 

Introduction . 

Department  Summary . . . . . . . . . . . 

Faculty  Listing . 

Project  Summaries . 

Battlefield  Data  Processing  Course  Development . 

High  Resolution  Terrain  Data  Generation  Support . 

SISO  Intrinsic  Earth  Surface  Material  Classifier  System  Phase  II . 

XML  Technology  Assessment . 

MV-22  Crew  Training  for  Deployed  Expeditionary  Forces: 

Marine  Corps  Air  to  Ground  Operations  . . 

An  Executive  Level  Information  Technology  Exploit  Demonstration . 

High  Assurance  Multilevel  Computing  Environment,  Phase  II . 

MSHN:  Management  System  for  Heterogeneous  Networks . 

MSHN:  Security  Architecture  and  Quality  of  Security  Service 

for  Resource  Management  Systems . . . . . . . . . . 

Navy  Information  Warfare/Information  Security /Information  Assurance 

Support  Plan  for  NPS  CISR  . . . . . . . . 

NPS  CISR  Scholarship  for  Service:  Scholarship  Track . . 

Public  Key  Infrastructure  (PKI)  Laboratory  Equipment  -  FY01 

Public  Key  Infrastructure  (PKI)  Laboratory  Support  and  Extension  . 

Security-Enhanced  Windows  CE . . 

SIM  Security  . 

Assessment  of  Defense  Modeling  and  Simulation  Office  (DMSO) 

Conceptual  Models  of  the  Mission  Space . 

Dynamic  Assembly  for  Systems  Adaptability,  Dependability, 

and  Assurance  (DASADA)  Project . . 

Engineering  Automation  for  Reliable  Software . 

Improved  Software  Technology  for  the  Next  Generation  Aircraft  Carrier . 

Monterey  Workshop  2001  -  Engineering  Automation 

for  Software  Intensive  System  Integration..... . . . . . . . . . . . 

Performance  Measurement  of  the  METCAST  Server . 

System.  Engineering  and  Evolution  Decision  Support . . . . . . . . . . 

Weapon  Software  Safety  Program  in  NPS  Software  Engineering  Automation  Center 

FY01 IO/IW  Research  on  Intelligent  Software  Decoys . . . . 

Testing  of  Large  Software-Intensive  Systems . . 

Detection  of  Changes  Over  Time  in  Linear  Features  in  Aerial  Photographs . . 

MAGMA:  Mobile  Code  Approach  to  Server  Fault  Tolerance . 

SAAM:  Network  Management  System  for  Integrated  Services . 

Context  Machine  -  A  Device  to  Determine  Context  from  Symbolic  Inputs . 

Publications  and  Presentations . 

Thesis  Abstracts . 

Implementation  of  Data  Flow  Query  Language  (DFQL) . 

Bluetooth  Technology  and  Its  Implementation  in  Sensing  Devices . . . 

Recognition  of  Ship  Types  from  an  Infrared  Image 

Using  Moment  Invariants  and  Neural  Networks . 

Agent-Based  Simulation  of  a  Marine  Infantry  Squad  in 

an  Urban  Environment . . . . . . . . . . 

Inertial  and  Magnetic  Tracking  of  Limb  Segment  Orientation 

for  Inserting  Humans  into  Synthetic  Environments........ . . . . 

Implementation  of  a  Hypertext  Transfer  Protocol  Server 

on  a  High  Assurance  Multi-Level  Secure  Platform . . . . . . . 

Software  Testing  Tools:  Metrics  for  Measurement  of  Effectiveness 

on  Procedural  and  Object-Oriented  Source  Code  . . . . 

User-Centered  Iterative  Design  of  a  Collaborative  Virtual  Environment 


xiii 

..xv 

....3 

....5 

....7 

....7 

....7 

....7 

....8 

....8 

....9 

.,10 

..II 

..12 

...13 

..15 

...15 

...16 

...17 

...17 

...23 

...24 

...26 

...32 

...33 

...33 

...36 

...37 

...38 

...40 

...40 

...41 

...42 

...45 

...53 

...55 

...55 

...56 

...56 

,.,57 

,..57 

,..58 

,..58 


ix 


TABLE  OF  CONTENTS 


Web-Based  Testing  Tools  for  Electrical  Engineering  Courses . . . . . 59 

Supporting  the  Secure  Halting  of  User  Sessions  and  Processes 

in  the  Linux  Operating  System . . . ..........59 

Analyzing  Threads  and  Processes  in  Windows  CE . . . ...60 

Integrated  Development  Environment  (IDE)  for  the  Construction 

of  a  Federation  Interoperability  Object  Model  (FIOM) . . . 60 

Design  and  Implementation  of  Web-Based  Supply  Center's  Material  Request 

and  Tracking  (SMART)  System  Using  Java  and  Java  Servlets . . . 61 

Vulnerability  Assessment  of  Microsoft  Exchange  2000  Server  Software . .............61 

Web-Enabling  an  Early  Warning  and  Tracking  System 

for  Network  Vulnerabilities . . . . 62 

Implementation  Considerations  for  a  Virtual  Private  Network  (VPN) 

to  Enable  Broadband  Secure  Remote  Access  to  the  Naval  Postgraduate  School  Intranet  ........62 

Evaluation  of  the  Extensible  Markup  Language  (XML) 

as  a  Means  of  Establishing  Interoperability  Between  Multiple  DoD  Databases . ...63 

Design  and  Implementation  of  Online  Communities . . . 63 

Analysis,  Design  and  Implementation  of  a  Web  Database  with  Oracle8I . . . .....64 

Therminator  2:  Developing  a  Real  Time  Thermodynamic  Based 

Patternless  Intrusion  Detection  System . . . . . 64 

The  Design  and  Implementation  of  a  Real-Time  Distributed  Application  Emulator . . . .....65 

Developing  Articulated  Human  Models  from  Laser  Scan  Data 

for  Use  as  Avatars  in  Real-Time  Networked  Virtual  Environments . . . . 65 

Interconnectivity  Via  a  Consolidated  Type  Hierarchy  and  XML . . . . ....66 

Feasibility  of  the  Tactical  UAV  as  a  Combat  Identification  Tool . . . ...66 

Enhancing  Network  Communication  in  NPSNET-V  Virtual  Environments 

Using  XML-Described  Dynamic  Behavior  (DBP)  Protocols . 67 

Software  Re-Engineering  of  the  Human  Factors  Analysis  and  Classification  System  - 

(Maintenance  Extension)  Using  Object  Oriented  Methods  in  a  Microsoft  Environment . .67 

Study  of  a  Potential  Single  Point  Household  Communications  Product 

Utilizing  Internet  Protocol . . . 68 

Electronic  Maneuvering  Board  and  Dead  Reckoning  Tracer  Decision  Aid 

for  the  Officer  of  the  Deck . . . . .., . 69 

Integrating  a  Trusted  Computing  Base  Extension  Server  and  Secure  Session  Server 

into  the  Linux  Operating  System . . . . . 69 

Navy/Marine  Corps  Intranet  Information  Assurance  Operational 

Services  Performance  Measures . . . . . . . 70 

Semantic  Interoperability  in  Ad  Hoc  Wireless  Networks  . . . 70. 

Extensible  Markup  Language  (XML)  Based  Analysis  and  Comparison 

of  Heterogeneous  Databases . . . . . . 71 

Designing  Realistic  Human  Behavior  into  Multi-Agent  Systems . . . . . . . 71 

Using  Operational  Risk  Management  (ORM)  to  Improve  Computer  Network 

Defense  (CND)  Performance  in  the  Department  of  the  Navy  (DON) . . . ....72 

A  Discretionary-Mandatory  Model  as  Applied  to  Network  Centric  Warfare 

and  Information  Operations . . . . . 72 

An  Improved  Magnetic,  Angle  Rate,  Gravity  (MARG)  Body  Tracking  System . . . ...73 

Application  6f  the  Nogueira  Risk  Assessment  Model  to 

Real-Time  Embedded  Software  Projects . 73 

Analysis  of  Intel  IA-64  Processor  Support  for  a  Secure  Virtual  Machine  Monitor . ....74 

A  Simple  Software  Agents  Framework  for  Building  Distributed  Applications . ...74 

Development  of  a  Target  Recognition  System  Using  Formal 

and  Semi-Formal  Software  Modeling  Methods . . . 75 

Intrusion  Detection  Systems  Requirements  Analysis:  An  Evaluation 

of  the  Marine  Corps'  Use  of  COTS  IDs . . . 75 

Interconnectivity  Via  a  Consolidated  Type  Hierarchy  and  XML . ..76 

An  Examination  of  Possible  Attacks  on  Cisco's  IPSEC-Based  VPN  Gateways . . . . 77 


TABLE  OF  CONTENTS 


Dynamic  Assembly  for  System  Adaptability,  Dependability 

and  Assurance  (DASADA)  Project  Analysis . . . 

Vulnerabilities  Associated  with  Remote  Access  to 

Timestep  Virtual  Private  Networks  (VPNS) . . . . . 

Modeling  Conventional  Land  Combat  in  a  Multi-Agent  System 

Using  Generalization  of  the  Different  Combat  Entities  and  Combat  Operations . 

The  Employment  of  a  Web  Site  and  Web-Enabling  Technology 

in  Support  of  U.S.  Military  Information  Operations . 

The  Design  and  Development  of  a  Web-Interface 

for  the  Software  Engineering  Automation  System . . . . . . . . . . 

Information  Security  Requirements  for  a  Coalition  Wide  Area  Network . 

Implementation  of  a  Two-User  Display  Using  Stereoscopies . 

A  Study  of  the  Requirements  for  a  Heads-Up  Display  for  Use 

in  Motor  Transportation  in  the.  United  States  Marine  Corps . 

Application  Programmer’s  Interface  (API)  for  Heterogeneous  Language  Environment 

and  Upgrading  the  Legacy  Embedded  Software . 

Using  Network  Management  Systems  to  Detect  Distributed 

Denial  of  Service  Attacks . . . . . . . . . . 

A  Requirements  Specification  of  Modifications  to  the  Functional  Description 

of  the  Mission  Space  Resource  Center . 

Emergent  Leadership  on  Collaborative  Tasks  in  Distributed  Virtual  Environments . . 

An  Architecture  and  Prototype  System  for  Automatically  Processing 

Natural-Language  Statements  of  Policy . . . . . . . . 

Trust  and  its  Ramifications  for  the  DoD  Public  Key  Infrastructure . 

Analyzing  Input/Output  Subsystem  Security  in  Windows  CE . 

Methods  for  Determining  Object  Correspondence  During  System  Integration . . . . 

A  Guide  to  Selecting  Software  Metrics 

for  the  Acquisition  of  Weapon  Systems . . . 

Optimization  of  Distributed,  Object-Oriented  Architectures . 

Quality  of  Service  for  IP-Based  Networks . 

A  Pattern-Matching  Approach  for  Automated  Scenario-Driven 

Testing  of  Structured  Computational  Policy . 

Software  Arehecture  Reconstruction  Methodology 

in  the  Context  of  Product  Line.... . . . 

Advanced  Quality  of  Service  Management  for  Next  Generation  Internet . 

Analysis  of  Rough  Surface  Lighting  Behaviors  with  OPENGL . 

Web-Based  Training  for  the  Hellenic  Navy . 

Principles  for  Web-Based  Instruction . . . 

Requirements  for  the  Deployment  of  Public  Key  Infrastructure  (PKI) 

in  the  USMC  Tactical  Environment . 

Dynamic  Assembly  for  System  Adaptability,  Dependability 

and  Assurance  (DASADA)  Project  Analysis . . . . . . . . . 

Web  Database  Development . 

Realistic  Traffic  Generation  Capability  for  SAAM  Testbed . ; . 

Analysis  of  Intel  LA-64  Processor  Support  for  Secure  Systems . . 

The  Effects  of  Natural  Locomotion  on  Maneuvering  Task  Performance 

in  Virtual  and  Real  Environments . . . . . 

Evaluation  of  Surveillance  Reconnaissance  Management  Tool 

and  Utility/Functionality  to  Future  Surface  Combatants . 

Implementation  of  a  Multi-Agent  Simulation  for  the  NPSNET-V  Virtual 

Environment  Research  Project . 

Dynamic  Scalable  Network  Area  of  Interest  Management  for  Virtual  Worlds . 

Human  Factors  in  Coast  Guard  Computer  Security  -  An  Analysis  of  Current  Awareness 

and  Potential  Techniques  to  Improve  Security  Program  Viability . 

Concepts,  Applications  and  Analysis  of  a  Submarine  Based  Wireless  Network . . . 


.77 

.78 

.78 

.79 

.79 

.80 

.80 

.81 

.81 

.82 

.82 

.83 

.83 

.84 

.84 

,85 

,85 

.86 

.86 

.87 

,.87 

..88 

..88 

..89 

..89 

..90 

,.90 

..91 

..91 

..92 

..92 

..93 

..93 

..93 

..94 

..94 


xi 


TABLE  OF  CONTENTS 


An  Application  of  Role-Based  Access  Control 

in  an  Organizational  Software  Process  Knowledge  Base . . . . . 95 

Fault  Tolerance  in  the  Server  and  Agent  Based  Network 

Management  (SAAM)  System . . . . . . . ....95 

Integrated  Development  Environment  (IDE)  for  the  Construction 

of  a  Federation  Interoperability  Object  Model  (FIOM) . 96 

Network  Defense-in-Depth:  Evaluating  Host-Based  Intrusion  Detection  Systems . 97 

A  Training  Framework  for  the  Department  of  Defense  Public  Key  Infrastructure . ......97 

Initial  Distribution  List . . . . . . . 99 


PREFACE 


S 

Research  at  the  Naval  Postgraduate  School  is  carried  out  by  faculty  in  the  four  graduate  schools  (School  of 
International  Graduate  Studies,  Graduate  School  of  Operations  and  Information  Sciences,  Graduate  School 
of  Engineering  and  Applied  Sciences,  and  Graduate  School  of  Business  and  Public  Policy)  and  three 
Research  Institutes  (The  Modeling,  Virtual  Environments,  and  Simulation  (MOVES)  Institute,  Institute  for 
Information  Superiority  and  Innovation  (I2SI),  and  Institute  for  Defense  System  Engineering  and  Analysis 
(EDSEA).  This  volume  contains  research  summaries  for  the  projects  undertaken  by  faculty  in  the 
Department  of  Computer  Science  during  2001.  The  summary  also  contains  thesis  abstracts  for  those 
students  advised  by  Computer  Science  faculty  during  2001. 

Questions  about  particular  projects  may  be  directed  ' to  the  faculty  Principal  Investigator  listed,  the 
Department  Chair,  or  the  Department  Associate  Chair  for  Research.  Questions  may  also  be  directed  to  the 
Office  of  the  Associate  Provost  and  Dean  of  Research.  General  questions  about  the  Naval  Postgraduate 
School  Research  Program  should  be  directed  to  the  Office  of  the  Associate  Provost  and  Dean  of  Research 
at  (831)  656*2099  (voice)  or  research@nns.naw.mil  (e-mail).  Additional  information  is  also  available  at 
the  RESEARCH  AT  NPS  website,  http://web.nns.navv.mil/-code09/ 

Additional  published  information  on  the  Naval  Postgraduate  School  Research  Program  can  be  found  in: 

■  Compilation  of  Theses  Abstracts:  A  quarterly  publication  containing  the  abstracts  of  all 
unclassified  theses  by  Naval  Postgraduate  School  students. 

■  Naval  Postgraduate  School  Research :  A  tri-annual  (February,  June,  October)  newsletter 

highlighting  Naval  Postgraduate  School  faculty  and  studenl.research, 

*  Summary  of  Research :  An  annual  publication  containing  research  summaries  for  projects 
undertaken  by  the  faculty  of  the  Naval  Postgraduate  School. 


INTRODUCTION 


The  research  program  at  the  Naval  Postgraduate  School  exists  to  support  the  graduate  education  of  our 
students.  It  does  so  by  providing  military  relevant  thesis  topics  that  address  issues  from  the  current  needs 
of  the  Fleet  and  Joint  Forces  to  the  science  and  technology  that  is  required  to  sustain  the  long-term 
superiority  of  the  Navy/DoD.  It  keeps  our  faculty  current  on  Navy/DoD  issues,  and  maintains  the  content 
of  the  upper  division  courses  at  the  cutting  edge  of  their  disciplines.  At  the  same  time,  the  students  and 
faculty  together  provide  a  very  unique  capability  within  the  DoD  for  addressing  warfighting  problems.  Our 
officers  must  be  able  to  think  innovatively  and  have  the  knowledge  and  skills  that  will  let  them  apply 
technologies  that  are  being  rapidly  developed  in  both  the  commercial  and  military  sectors.  Their  unique 
knowledge  of  the  operational  Navy,  when  combined  with  a  challenging  thesis  project  that  requires  them  to 
apply  their  focused  graduate  education,  is  one  of  the  most  effective  methods  for  both  solving  Fleet 
problems  and  instilling  the  life-long  capability  for  applying  basic  principles  to  the  creative  solution  of 
complex  problems. 

The  research  program  at  the  Naval  Postgraduate  School  consists  of  both  reimbursable  (sponsored)  and 
institutionally  funded  research.  The  research  varies  from  very  fundamental  to  very  applied,  from 
unclassified  to  all  levels  of  classification. 

*  Reimbursable  (Sponsored)  Program:  This  program  includes  those  projects 
externally  funded  on  the  basis  of  proposals  submitted  to  outside  sponsors  by  the 
School’s  faculty.  These  funds  allow  the  faculty  to  interact  closely  with  RDT&E 
program  managers  and  high-level  policymakers  throughout  the  Navy,  DoD,  and 
other  government  agencies  as  well  as  with  the  private  sector  in  defense-related 
technologies.  The  sponsored  program  utilizes  Cooperative  Research  and 
Development  Agreements  (CRADAs)  with  private  industry,  participates  in 
consortia  with  government  laboratories  and  universities,  provides  off-campus 
courses  either  on-site  at  the  recipient  command,  by  VTC,  or  web-based,  and 
provides  short  courses  for  technology  updates. 

•  Naval  Postgraduate  School  Institutionally  Funded  Research  (NIFR)  Program: 

The  institutionally  funded  research  program  has  several  purposes:  (1)  to  provide 
the  initial  support  required  for  new  faculty  to  establish  a  Navy/DoD  relevant 
research  area,  (2)  to  provide  support  for  major  new  initiatives  that  address  near- 
term  Fleet  and  OPNAV  needs,  (3)  to  enhance  productive  research  that  is 
reimbursably  sponsored,  and  (4)  to  cost-share  the  support  of  a  strong  post¬ 
doctoral  program. 

In  2001,  the  level  of  research  effort  overall  at  the  Naval  Postgraduate  School  was  148  faculty  work  years 
and  exceeded  $48  million.  The  reimbursable  program  has  grown  steadily  to  provide  the  faculty  and  staff 
support  that  is  required  to  sustain  a  strong  and  viable  graduate  school  in  times  of  reduced  budgets.  In 
FY2001,  over  93%  of  the  research  program  was  externally  supported.  A  profile  of  the  sponsorship  of  the 
Naval  Postgraduate  School  Research  Program  in  FY2001  is  provided  in  Figure  1. 
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Figure  1.  Profile  of  NPS  Research  and  Sponsored  Programs  ($52M) 


The  Office  of  Naval  Research  is  the  largest  Navy  external  sponsor.  The  Naval  Postgraduate  School  also 
supports  the  Systems  Commands,  Warfare  Centers,  Navy  Labs  and  other  Navy  agencies.  A  profile  of 
external  Navy  sponsorship  for  FY2001  is  provided  in  Figure  2. 
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Figure  2.  Navy  External  Sponsors  of  NPS  Research  and  Sponsored  Programs  ($29M) 


These  are  both  challenging  and  exciting  times  at  the  Naval  Postgraduate  School  and  the  research 
program  exists  to  help  ensure  that  we  remain  unique  in  our  ability  to  provide  education  for  the  warfighter. 


September  2002 


DAVID  W.  NETZER 

Associate  Provost  and  Dean  of  Research 
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DEPARTMENT  OF 
COMPUTER  SCIENCE 


LCDR  CHRIS  EAGLE,  USN 
ACTING  CHAIR 


DEPARTMENT  SUMMARY 


OVERVIEW: 


The  Department  of  Computer  Seienee  provides  graduate  training  and  education  in  major  areas  of  computer 
science.  Thus,  both  basic  and  advanced  graduate  courses  are  offered.  Course  work  and  research  lead  to 
either  the  degree  of  Master  of  Science  or  Doctor  of  Philosophy,  The  requirements  to  complete  either 
program  are  rigorous  and  are  comparable  to  those  of  other  major  universities. 


CURRICULA  SERVED: 

*  Computer  Science 

■  Software  Engineering 

■  Modeling,  Virtual  Environments,  and  Simulation 


DEGREES  GRANTED: 

■  Master  of  Science  in  Computer  Science 

*  Master  of  Science  in  Software  Engineering 

■  Master  of  Science  in  Modeling,  Virtual  Environments,  and  Simulation 

*  Doctor  of  Philosophy  in  Computer  Science 

*  Doctor  of  Philosophy  in  Software  Engineering 

■  Doctor  of  Philosophy  in  Modeling,  Virtual  Environments,  and  Simulation 


RESEARCH  THRUSTS  AND  FACULTY  EXPERTISE: 

*  Software  Engineering: 

Professor  Luqi,  Professor  Valdis  Berzins,  Professor  Ted  Lewis,  Associate  Professor  Man-Tak 
Shing,  Military  Instructor  CDR  Deborah  Kern,  and  Military  Instructor  LCDR  Chris  Eagle 

■  Databases: 

Associate  Professor  Thomas  Wu,  Research  Assistant  Professor  Wolfgang  Baer,  and  Professor 
Robert  McGhee 

*  Information  Security: 

Associate  Professor  Cynthia  Irvine,  Lecturer  Daniel  Warren,  and  Lecturer  Paul  Clark 

*  Artificial  Intelligence: 

Professor  Robert  McGhee,  Professor  Neil  Rowe,  and  Assistant  Professor  Chris  Darken  ’ 

*  Modeling,  Virtual  Environments  and  Simulation  (MOVES)  Institute/Computer  Graphics: 

Professor  Michael  Zyda,  Assistant  Professor  Rudy  Darken,  Lecturer  Eric  Bachmann,  Research 
Professor  John  Hiles,  and  Research  Professor  Michael  Capps 

■  Networks: 

Associate  Professor  G,  M,  Lundy,  Assistant  Professor  Geoffrey  Xie,  and  Associate  Professor  Bret 
Michael 

*  Programming  Languages: 

Associate  Professor  Dennis  Volpano 


RESEARCH  FACILITIES: 

■  Computer  Science  Academic  Laboratory 

■  Artificial  Intelligence  and  Robotics  Laboratory 

■  Computer  Systems  and  Security  Laboratory 
•  Computer  Graphics  and  Video  Laboratory 

■  Microcomputer  Systems  Laboratory 

■  Modeling,  Virtual  Environments,  and  Simulation  Institute 

■  Software  Engineering  Laboratory 
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■  Visual  Database  and  Interface  Laboratory 
RESEARCH  CENTERS: 

■  Center  for  Information  Security  (INFOSEC)  Studies  and  Research  (CISR) 

■  \  Software  Engineering  Center 


RESEARCH  PROGRAM  (Research  and  AcademtcVFY2001: 

The  Naval  Postgraduate  School’s  sponsored  program  exceeded  $49  million  in  FY2001.  Sponsored 
programs  included  both  research  and  educational  activities  funded  from  an  external  source.  A  profile  of  the 
sponsored  program  for  the  Department  of  Computer  Science  is  provided  below: 


CRADA 

Other-Federal  50/ 


Joint 

3% 


Size  of  Program:  S2550K 
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FACULTY  LISTING 


6-lfr  : 


Eagle,  Chris,  LCDR,  USN 
Military  Faculty  and  Acting  Chair 
CS/Ce 
656-2378 

cseagle@cs,nps,naw.mil 


Rowe,  Neil  C. 
Professor  and 

Associate  Chair  for  Research 
CS/Rp 
656-2462 

ncrowe@nps.navv.mil 


Allen,  Bruce 

Research  Associate 

CS 

656-2222 

ballen@cs.nps.naw.mil 

Falby,  John 

Senior  Lecturer 

CS/Fa 

656-3390 

falbv@cs.nps.naw.mil 

Luqi 

Professor 

CS/Lq 

656-2735 

luai(S).cs.nns.navv.mi  1 

Bachmann,  Eric 

Lecturer 

CS/Bc 

656-4066. 

bachmann@cs.nps.naw.mil 

Fulp,  J.D. 

Lecturer 

CS 

656-2280' 

idfulo@nns.naw.mil 

McDowell,  Perry 

Lecturer 

CS/Mp 

656-4075 

mcdowellfiBcs.nos.naw.mil 

Baer,  Wolfgang 

Research  Assistant  Professor 
CS/Ba 

656-2209 

baer(®,cs,rms.naw.mil 

Hiles,  John 

Research  Professor 

CS/Hj 

656-2988 

hilesfScs.nps.naw.mil 

McGhee,  Robert  B. 
Professor 

CS/Mz 

656-2026 

mc2heefiBes.nps.naw.mil 

Berzins,  Valdis 

Professor 

CS/Be 

656-2601 

berzins{3),cs.nns,naw,rnil 

Irvine,  Cynthia 

Associate  Professor 

CS/Ic 

656-2461 

imne{®cs.nDS. navv.mil 

Michael,  Bret 

Associate  Professor 

CS/Mj 

656-2655 

bmiehael@nps.naw.mil 

Capps,  Michael 

Research  Assistant  Professor 
CS/Cm 

656-2865 

canns(a);cs,nDS.naw.mi] 

Levin,  Timothy 

Research  Associate  Professor 

CS 

656-2239 

teIevinfifinos.navv.mil 

Pereira,  Barbara 

Research  Associate 

CS/Bp 

656-4074 

pereirafiBcs.nDS.naw.mil 

Clark,  Paul 

Lecturer 

CS/Cp 

656-2395 

clarkn@cs.nns.naw.mil 

Lewis,  Ted 

Professor 

CS/Lt 

656-283 

lewis(5),cs,nps,naw.mil 

Peterson,  Barry 

Research  Assistant 

CS/Pb 

656-2197 

peterson@cs.nps.naw.mil 

Darken,  Rudy 

Assistant  Professor 

CS/Dr 

656-4072 

darken@cs.nos.naw.mil 

Lundy,  G.M. 

Associate  Professor 

CS/Ln 

656-2094 

lundv@cs.nos.naw.mil 

Shifflett,  Dave 

Research  Associate 

CS 

656-407 

shiffletfiBcs.nps.naw.mil 
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Shing,  Man-Tak 
Associate  Professor 
CS/Sh 
656-2634 


mantak@cs.nps.naw.mil 


Warren,  Daniel 
Lecturer 
CS/Wd 
656-2353 

warren@cs.nps.naw.mil 


Volpano,  Dennis  •  Wu,  Thomas 

Assistant  Professor  Associate  Professor 

CS/Vo  CS/Wq 

656-3091  656-3391 


Xie,  Geoffrey 
Assistant  Professor 
CS/Xg 
656-2693 

xie@cs.nps.naw.mil 

Zyda,  Michael 
Professor 
CS/Zk 
656-2305 


PROJECT  SUMMARIES 


!$vH. 


x  *  »«4b|4j  s-  *  *  #  *#* 
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BATTLEFIELD  DATA  PROCESSING  COURSE  DEVELOPMENT 
Wolfgang  Baer,  Research  Assistant  Professor 
Department  of  Computer  Science 
Sponsor:  Unfunded 

OBJECTIVE;  Develop  a  Course  and  Research  Capability  to  Support  Integration  of  Virtual  Reality  and 
Battlefield  Sensing. 

SUMMARY;  Closing  the  loop  between  battlefield  sensors  and  military  computer  systems  in  a  timely  and 
accurate  manner  is  one  of  the  key  requirements  for  information  superiority  in  21st  century  military 
operations.  Future  command  centers  will  integrate  virtual  reality  technologies  with  real-time  battlefield 
sensing  systems  to  support  battlefield  decisions  and  data  product  generation.  It  is  imperative  that  the  future 
commanders  understand  the  concepts,  limits,  and  capacities  of  such  systems. 

The  course  planned  for  development  focuses  on  the  generation  of  virtual  environment  data  bases. 
Emphasis  will  be  on  the  techniques,  data  sources,  and  active  research  areas  which  produce  realistic 
representations  of  geographic  areas  of  military  interest 

DoD  KEY  TECHNOLOGY  AREAS;  Manpower,  Personnel  and  Training,  Computing  and  Software 
KEYWORDS;  Virtual  Reality,  Battlefield  Sensing 


HIGH  RESOLUTION  TERRAIN  DATA  GENERATION  SUPPORT 
Wolfgang  Baer,  Research  Assistant  Professor 
Department  of  Computer  Science 
Sponsor;  U*S.  Army  TRADOC  Analysis  Command 

OBJECTIVE;  Identify  and  Construct  3D  Terrain  Feature  Models. 

SUMMARY;  Provides  a  tool  to  automatically  recognize,  measure,  and  model  three-dimensional  surface 
features  for  addition  to  one  meter  resolution  terrain  database.  The  database  Is  initialized  using  standard 
elevation  models  (DTED).  It  then  integrates  higher  resolution  ortho-rectified  photo  imagery  and  higher 
accuracy  elevation  data  from  a  terrain  patch  of  interest  Finally  the  tool  will  recognize  terrain  feature 
classes  such  as  trees,  bushes,  rocks,  etc.  and  perform  a  3D  model  fit.  The  tools  also  provides  for  interactive 
editing  of  the  terrain  database  in  order  to  allow  cosmetic  and  high  fidelity  corrections.  The  tool  was 
delivered  in  FY  2001  in  order  to  support  a  64x64  km  database  construction  at  Ft.  Hood,  TX. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 

KEYWORDS;  3D  Terrain,  Database 


SISO  INTRINSIC  EARTH  SURFACE  MATERIAL  CLASSIFIER  SYSTEM  PHASE  II 
Wolfgang  Baer,  Research  Assistant  Professor 
Department  of  Computer  Science 
Sponsor;  U*S.  Army  TRADOC  Analysis  Command 

OBJECTIVE;  Build  the  infrastructure  for  the  construction  of  such  an  earth  surface  material  database  at 
one  meter  resolution. 

SUMMARY;  The  Simulation  Interoperability  Standards  Organization  (SISO)  Intrinsic  Earth  Surface 
Material  Classifier  System  project  will  develop  the  definition  of  a  Standard  Surface  Material  Code 
(SSMC).  To  a  modeling  and  simulation  program,  such  a  code  acts  like  a  pointer  to  a  list  of  intrinsic  earth 
surface  material  parameter  values  that  define  the  physical  and  radiometric  properties  of  the  Surface  over  a 
broad  wavelength  range.  This  information  will  reside  in  the  Surface  Materials  Standards  list  -  RESOLVE 
(Radiometric  Earth  Surface  Observables  for  Land  Visualization  Events),  which  includes  materials  based  on 
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the  global  abundance  of  naturally-occurring,  man-made,  and  non-realistic  materials,  their  significance  (e.g. 
importance)  to  a  user  community,  and  availability  of  spectral  data  sources  to  support  extraction  of  intrinsic 
surface  properties.  The  standard  will  also  include  reversible  surface  rendering  and  atmospheric  propagation 
equations  to  allow  a  traceable  connection  between  measurement  and  database  content.  Tools  for  extracting 
intrinsic  properties  of  material  from  remotely  required  data  are  basically  nonexistent  and  the  suites  of 
surface  rendering  tools  currently  available  are  limited  in  scope;  in  other  words,  they  cover  an  abbreviated 
wavelength  range  or  include  only  a  limited  set  of  material  types.  The  goal  of  our  effort  is  to  build  the 
infrastructure  for  the  construction  of  such  an  earth  surface  material  database  at  1  meter  resolution. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 

KEYWORDS:  Standard  Surface  Material  Code,  Simulation  Interoperability,  Standards  Organization, 
SISO 


XML  TECHNOLOGY  ASSESSMENT 
Valdis  Berzins,  Professor 
Department  of  Computer  Science 
Sponsor:  Joint  C4ISR  Battle  Center 

OBJECTIVE:  The  Joint  C4ISR  Battle  Center  (JBC)  needs  an  assessment  of  technical  issues  related  to  the 
use  of  XML  to  achieve  data  interoperability  in  military  systems.  An  XML  schema  should  accommodate 
controlled  change  to  enable  incremental  approaches  to  implementation  that  add  one  system  at  a  time.  If 
changes  are  done  according  to  the  least  effort  for  each  individual  data  interchange  connection  between 
legacy  systems,  eventually  become  a  severe  maintenance  problem.  The  NPS  Software  Engineering  Group 
proposes  to  evaluate  and  assess  different  methods  for  alleviating  this  problem. 

SUMMARY:  The  use  of  XML  has  been  investigated  for  achieving  data  interoperability  between  DoD 
legacy  systems  from  several  points  of  view:  methods  for  integrating  XML  schemas  covering  data 
interchange  between  pairs  of  systems,  methods  for  using  XML  to  transfer  data  between  heterogeneous 
databases,  and  XML  for  data  interchange  between  real-rime  systems.  The  capabilities  of  commercial  tools 
have  been  assessed  related  to  XML  and  XML  interfaces  to  the  commercial  database  systems  used  in  the 
systems  of  interest  to  JBC.  Methods  have  also  been  assessed  for  translating  between  different  XML 
representations  of  the  same  real-world  data,  corresponding  to  the  different  views  of  that  data  as  modeled  in 
different  legacy  systems. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 
KEYWORDS:  XML,  Legacy  Systems,  Software  Engineering 


MV-22  CREW  TRAINING  FOR  DEPLOYED  EXPEDITIONARY  FORCES: 

MARINE  CORPS  AIR  TO  GROUND  OPERATIONS 
Rudolph  P.  Darken,  Assistant  Professor 
CDR  (sel)  Joseph  Sullivan,  USN,  Military  Instructor 
Sponsor:  Office  of  Naval  Research 

OBJECTIVE:  To  design  and  constrict  a  deployable  training  system  for  the  Navy  and  Marine  Corps 
helicopter  and  rotocraft  aviation  communities  focusing  on  team  tasks,  specifically  air  to  ground  operations. 

SUMMARY:  This  project  involves  the  development  of  a  deployable  training  device  for  the  MV-22 
platform  and  helicopters  capable  of  performing  air  to  ground  operations.  The  trainer  will  be  deployable, 
interoperable  with  other  trainers,  cost  effective,  reconfigurable,  and  the  investigators  will  also  conduct 
training  assessment  evaluation  to  assure  positive  training  transfer.  A  rudimentary  task  analysis  has  been 
completed  which  will  need  to  be  redone  more  thoroughly  next  year.  A  fully  implemented  prototype  system 
that  uses  a  bluescreen  (Chromakey)  solution  for  mixed  modes  of  display  is  available. 
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PUBLICATIONS: 

Darken,  R.?  Kempster,  K.  and  Peterson,  B.,  "Effects  of  Streaming  Video  Quality  of  Service  on  Spatial 
Comprehension  in  a  Reconnaissance  Task,"  Proceedings  ofl/ITSEC ,  Orlando,  FL. 

Peterson,  B.,  Boswell,  J,  and  Darken,  R,  "Collaborative  Navigation  in  Real  and  Virtual  Environments,” 
Proceedings  ofl/ITSEC ,  Orlando,  FL. 

THESIS  DIRECTED: 

Boswell,  J.,  “User-Centered  Iterative  Design  of  a  Collaborative  Virtual  Environment,”  Masters  Thesis, 
Naval  Postgraduate  School,  March  2001, 

Hennings,  C.,  “Designing  Realistic  Human  Behavior  into  Multi-Agent  Systems,”  Masters  Thesis,  Naval 
Postgraduate  School,  September  200 1 . 

Mert,  E.  and  Jilson,  E.,  “Modeling  Conventional  Land  Combat  in  a  Multi-Agent  System  Using 
Generalization  of  the  Different  Combat  Entities  and  Combat  Operations  ”  Masters  Thesis,  Naval 
Postgraduate  School,  September  2001. 

Norlander,  K,,  “Emergent  Leadership  on  Collaborative  Tasks  in  Distributed  Virtual  Environments,” 
Masters  Thesis,  Naval  Postgraduate  School,  September  2001. 

Unguder,  E.,  “The  Effects  of  Natural  Locomotion  on  Maneuvering  Task  Performance  in  Virtual  and  Real 
Environments,”  Masters  Thesis,  Naval  Postgraduate  School,  September  2001, 

DoD  KEY  TECHNOLOGY  AREA:  Human  Systems  Interface,  Modeling  and  Simulation 

KEYWORDS:  Training,  Virtual  Environment 


AN  EXECUTIVE  LEVEL  INFORMATION  TECHNOLOGY  EXPLOIT  DEMONSTRATION 

Cynthia  E.  Irvine,  Associate  Professor 
MAJ  Michael  VanPutte,  USA 
Department  of  Computer  Science 
Richard  Harkins,  Lecturer 
Department  of  Physics 

Sponsors:  Headquarters,  Department  of  the  Army 

OBJECTIVE:  This  proposal  Is  in  the  development  of  an  executive  level  demonstration  of  information 
security  vulnerabilities  and  exploits.  The  purpose  is  to  open  the  eyes  of  non-technical  DoD  leaders  to  the 
risks  that  are  inherent  in  current  information  technology  systems,  so  they  can  understand  and  make  policy, 

SUMMARY:  This  report  is  interim  and  describes  and  ongoing  effort.  The  purpose  of  this  effort  Is  to 
develop  an  executive  level  stand-alone  demonstration  of  current  computer  security  threats  and  exploits.  The 
demonstration  will  consist  of  a  “worst  case”  scenario  presentation  of  various  (unclassified)  cyber  threats 
and  vulnerabilities,  illustrating  the  skills  required  to  exploit  the  vulnerabilities  and,  where  available,  courses 
of  action  to  reduce  those  threats.  The  intent  is  to  present  to  non-technical  military  and  DoD  leaders  an 
executive  demonstration  of  current  Information  Assurance  threats,  risks,  and  countermeasures.  The 
demonstration  will  include  not  only  trivial  attacks  that  can  be  mounted  by  "ankle-biters"  or  that  result  from 
careless  or  inadequate  procedural  measures  on  the  part  of  authorized  users,  but  will  also  illustrate  attacks 
that  are  preferred  by  state-sponsored  or  other  well-funded  professionals.  Thus,  the  demonstration  will 
provide  decision  makers  with  die  information  that  they  need  to  understand  and  make  high  level  policy  in 
the  area  of  computer  and  network  security  and  the  risks  associated  with  information  technology. 

An  unclassified  “sand  box”  laboratory  is  being  developed  to  produce  the  highest  level  of  realism  and 
accuracy  in  the  demonstration.  Areas  include  network  infiltration  and  exploitation,  wireless  infrastructure 


PROJECT  SUMMARIES 


threats,  malware  threats,  Trojan  Horses,  trap  doors,  and  PDA  threats.  Each  of  the  attack  or  exploitation 
areas  is  being  explored  for  vulnerabilities  and  attack  scenarios  have  been  hypothesized.  This  is  followed  by 
test  or  implementation.  When  possible,  methods  to  mitigate  vulnerabilities  are  identified.  Both  the  attacks 
and  a  discussion  of  techniques  to  thwart  them  are  being  incorporated  into  the  demonstration. 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software,  Other  (Information  Assurance) 

KEYWORDS:  Information  Assurance,  Vulnerability  Exploitation,  Threats 


HIGH  ASSURANCE  MULTILEVEL  COMPUTING  ENVIRONMENT,  PHASE  II 
Cynthia  E.  Irvine,  Associate  Professor 
Department  of  Computer  Science 
Sponsor:  Navy  Engineering  Logistics  Office 

OBJECTIVE:  This  research  is  to  continue  work  in  support  of  a  high  assurance  distributed  multilevel 
computing  environment,  building  on  recent  work  accomplished  on  the  Naval  Postgraduate  School  High 
assurance  label  processing  mail  service  prototype  undertaken  during  Phase  I.  Areas  of  study  include 
applicability  to  collaborative  environments,  extension  of  label  processing,  trusted  path  extensions,  and 
supporting  policy  adaptations. 

SUMMARY:  The  prototype  High  Assurance  system  functionality  was  extended  in  the  following  ways: 
(1)  Modifications  to  the  Trusted  Path  Server,  Secure  Session  Server,  ‘sendmail’  daemon  and  HTTP  server 
on  a  high  assurance  platform  were  finalized,  (2)  An  initial  Java  prototype  of  a  generic  client  TCB 
Extension  was  produced;  high  assurance  server  functionality  was  ported  to  the  Linux  operating  system 
base.  This  work  permits  a  multilevel  version  of  Ethernet  support  as  well  as  dynamic  instantiation  of 
protocol  services  in  conformance  with  client  security  attributes.  (4)  A  similar  port  to  the  Open  BSD 
operating  system  was  started.  (5)  The  design  of  a  PDA-based  trusted  path  mechanism  to  be  used  in  the 
context  of  a  contemporary  server  (e.g.  Linux  or  OpenBSD)  was  begun.  The  client  trusted  path  device  is 
envisioned  to  be  a  hand-held  component  juxtaposed  between  the  client  workstation  and  the  server. 

Preliminary  sketches  of  an  architecture  for  self-protecting  data  were  prepared.  An  option  in  this  design 
is  to  use  a  specialized  reader  device.  The  use  of  Intelink/CAPCO  metadata  tags  to  support  visual  labeling  of 
paragraph  markings,  as  well  as  access  control  to  XML/HTML  documents  was  investigated.An  initial  study 
of  security  vulnerabilities  associated  with  the  use  of  popular  applications  on  the  connectionless  User 
Datagram  Protocol  (UDP)  was  conducted.  This  included  examination  of  several  Voice  over  IP  (VoIP) 
suites.  It  was  found  that  for  a  number  of  the  most  popular  products  ensuring  performance  was  paramount 
and  that  security  was  turned  off  when  VoIP  was  turned  on. 

Based  upon  the  need  to  provide  standard  commercial-grade  productivity  applications  as  the  general 
purpose  user  interface  to  high-assurance  data  processing  environments  is  compelling  in  the  context  of 
"trusted"  systems,  the  problem  of  integrity  in  architectures  comprised  of  both  traditional  trusted 
components  and  less  trusted  components  was  explored.  Some  of  these  systems  were  characterized  as  a 
class  of  architecture.  This  lead  to  the  development  of  a  general  integrity  property  that  systems  can  only  be 
trusted  to  manage  modifiable  data  whose  integrity  is  at  or  below  that  of  their  interface  components.  The 
analysis  led  the  effect  that  in  terms  of  integrity  high-assurance  systems  cannot  be  composed  of  a 
combination  of  high  assurance  policy-enforcement  components  and  low  assurance  commercial 
interface/application  components.  Another  effect  is  that  this  type  of  these  hybrid-security  systems  are  only 
applicable  to  processing  environments  where  the  integrity  of  data  is  consistent  with  that  of  low-assurance 
software. 

PUBLICATIONS: 

Irvine,  C.E.,  Levin,  T.,  Wilson,  J.D.,  Shifflett,  D.  and  Pereira,  B.,  "A  Case  Study  in  Security  Requirements 
Engineering  for  a  High  Assurance  System,"  Proceedings  of  the  1st  Symposium  on  Requirements 
Engineering  for  Information  Security,  Purdue  University,  Indianapolis,  IN,  5-6  March  2001. 
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Irvine,  C.E.  and  Levin,  T.,  "Data  Integrity  Limitations  in  Highly  Secure  Systems,"  Proceedings  of  the 
International  Systems  Security  Engineering  Conference,  February  2001, 

Irvine,  C.E.  and  Levin,  T.,  “A  Cautionary  Note  Regarding  the  Data  Integrity  Capacity  of  Certain  Secure 
Systems,"  Fourth  International  IFIP  Working  Conference  on  Integrity  and  Internal  Control  in  Information 
Systems,  Brussels,  Belgium,  15-16  November  2001, 

THESIS  DIRECTED: 

Glover,  M.,  “Integrating  a  Trusted  Computing  Base  Extension  Server  and  Secure  Session  Server  into  the 
Linux  Operating  System,”  Masters  Thesis,  Naval  Postgraduate  School,  September  2001. 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software,  Other  (Information  Assurance) 

KEYWORDS:  Computer  Security,  Information  Assurance,  Multilevel  Security,  High  Assurance 


MSHN:  MANAGEMENT  SYSTEM  FOR  HETEROGENEOUS  NETWORKS 
Cynthia  E.  Irvine,  Associate  Professor 
Department  of  Computer  Science 
Sponsor:  Defense  Advanced  Research  Projects  Agency 

OBJECTIVE:  Research  and  design  effort  directed  at  solving  the  fundamental  problems  associated  with 
and  creating  a  distributed  metacomputer. 

SUMMARY:  Phase  I  of  the  MSHN  Project  was  completed  in  2000.  This  report  provides  s  a  summary  of 
project  research  and  additional  publications  emerging  from  the  project. 

The  accomplishments  of  the  project  include  a  peer-to-peer  architecture  composed  of  the  following 
components:  client  library,  scheduling  advisor,  resource  requirements  database,  resource  status  server, 
MSHN  daemon,  application  emulator.  The  architecture  supports  the  execution  of  many  different  client 
applications,  both  new  and  previously  unencountered. 

Mapping  algorithm  research  supported  the  MSHN  scheduler  and  resulted  in  the  development  of  a 
"toolbox"  of  mapping  techniques  from  which  the  scheduler  can  select  the  most  appropriate  algorithm  for  a 
given  heterogeneous  computing  and  application  environment,  A  unified  mapping  framework  was 
developed  addressed  two  mapping  problems:  mapping  with  advance  reservation  and  data  replication,  and 
mapping  with  resource  co-allocation  requirements. 

MSHN  produced  a  resource  model  that  allows  the  system  to  make  mapping  decisions.  Monitoring  is 
needed  to  ensure  that  model  represents  the  resources  available.  Strategies  were  developed  to  permit 
monitoring  to  be  performed  at  each  client.  A  number  of  techniques  and  tools  were  explored  to  permit  the 
monitoring  and  modeling  of  communications  resources. 

The  research  explored  the  problem  of  distributed  communications  in  an  environment  requiring 
transfers  of  large  quantities  of  data,  A  uniform  framework  for  developing  communication  schedules  for 
collective  communication  patterns  was  introduced.  The  schedules  were  adapted  at  run-time,  based  on 
network  performance  information. 

Performance  metrics  were  developed  so  that  the  success  of  MSHN  as  a  resource  management  system 
could  be  measured.  A  multidimensional  performance  measure  was  developed  that  included:  priorities,  task 
and  data  versions,  deadlines,  situational  modes,  security,  and  other  dependencies. 

Security  was  an  integral  part  of  the  MSHN  project.  A  multi-domain  cryptographically  enforced 
security  architecture  was  developed  that  provided  authentication  and  confidentiality  for  MSHN 
components.  The  notion  of  Quality  of  Security  Service  was  introduced  and  developed  as  part  of  the  project. 

PUBLICATIONS: 

Kim,  J.K.,  Kidd,  T.,  Siegel,  H.J.,  Irvine,  C.,  Levin,  T.,  Hensgen,  D.A.,  St.  John,  D.,  Prasanna,  V.K.,  Freund, 
R.F.  and  Porter,  N.W.,  “Collective  Value  QoS:  A  Performance  Measure  Framework  for  Distributed 
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Heterogeneous  Networks,”  Proceedings  of  the  15th  International  Parallel  and  Distributed  Processing 
Symposium,  pp.  810-823, 2001. 

THESIS  DIRECTED: 

Drake,  T.,  “Design  and  Implementation  of  a  Real-Time  Distributed  System  Emulator,”  Masters  Thesis, 
Naval  Postgraduate  School,  March  2001. 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software 

KEYWORDS:  Heterogeneous,  Distributed  Computing,  Data  Staging,  Metacomputing 

MSHN:  SECURITY  ARCHITECTURE  AND  QUALITY  OF  SECURITY  SERVICE  FOR 
RESOURCE  MANAGEMENT  SYSTEMS 
Cynthia  E.  Irvine,  Associate  Professor 
.  Department  of  Computer  Science 

Sponsor:  Defense  Advanced  Projects  Research  Agency 

OBJECTIVE:  This  is  an  extension  of  ongoing  work  in  the  area  of  quality  of  security  service  (QoSS)  and 
security  architectures  for  resource  management  systems  (RMS).  The  theory  of  QoSS  was  broadened  and 
the  QoSS  framework  extended  through  experimentation  with  mechanisms  to  provide  QoSS  in  the  context 
of  a  RMS.  Security  requirements  of  RMS  applications  will  be  identified  to  further  refine  needed 
architectural  and  QoSS  support. 

SUMMARY:  A  method  for  articulating  network  security  functional  requirements,  and  for  measuring  their 
fulfillment  has  been  developed.  Using  this  method,  security  in  a  quality  of  service  framework  (QoSS)  is 
discussed  in  terms  of  variant  security  mechanisms  and  dynamic  security  policies.  It  was  also  shown  how 
QoSS  can  be  represented  in  a  network  scheduler  benefit  function. 

This  research  continued  to  address  the  problem  of  how  users  and  administrators  can  easily  interact 
with  the  wide  range  of  security  resources  and  mechanisms.  A  method  for  translation  of  a  simplified  user 
abstraction  of  security  to  detailed  underlying  mechanisms  was  further  refined. 

An  approach  for  representing  the  level  of  resources  consumed  by  jobs  under  the  control  of  a  resource 
management  system  was  extended.  This  work  continued  to  show  how  this  measurement  of  resource  usage 
can  be  combined  with  a  notion  of  user  preferences  to  reflect  a  restrictive  resource-usage  policy  for  network 
management. 

Based  upon  a  preliminary  security  service  taxonomy  defined  to  provide  the  resource  management 
system  with  potential  resource .  utilization  costs,  a  demonstration  of  our  framework  was  developed  for 
defining  the  costs  of  various  network  services.  Using  IPSec  in  OpenBSD,  a  demonstration  of  Quality  of 
Security  Service  was  constructed.  Based  upon  environmental  conditions,  security  associations  between  peer 
systems  are  selected  according  to  a  predefined  policy.  Environmental  conditions  relating  to  the  network 
mode  and  user  security  requirements  may  change.  When  this  occurs,  security  associations  are  broken  down 
and  re-established. 

PUBLICATIONS: 

Irvine,  C.,  Levin,  T.  and  Sypropoulou,  E.,  "Security  as  a  Dimension  of  Quality  of  Service  in  Active  Service 
Environments,"  Proceedings  of  the  International  Workshop  on  Active  Middleware  Services,  San  Francisco, 
C A,  6  August  2001 . 

THESIS  DIRECTED: 

Agar,  C.,  “Dynamic  Parameterization  of  IPSec,”  Masters  Thesis,  Naval  Postgraduate  School,  December 

2001. 
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NAVY  INFORMATION  WARFARE/INFORMATION  SECURITY/INFORMATION 
ASSURANCE  SUPPORT  PLAN  FOR  NPS  CISR 
Cynthia  E,  Irvine,  Associate  Professor 
Department  of  Computer  Science 
Sponsor:  Chief  of  Naval  Operations  (N643) 

OBJECTIVE:  The  aim  of  this  research  is  to  provide  support  for  the  Naval  Postgraduate  School  Center  for 
INFOSEC  Studies  and  Research  (NPS  CISR)  in  an  integrated  approach  to  INFOSEC  research  and 

education.  The  program  will  focus  on  network  and  platform  security  problems  of  importance  to  DoN  and 
DoD. 

SUMMARY:  Several  ongoing  projects  intended  to  support  the  emerging  DoD  public  key  infrastructure 
(PKI)  were  started.  These  included  an  examination  of  the  feasibility  of  the  use  of  the  PKI  in  tactical 
situations.  Another  study  involved  configuration  management  issues  for  deployed  PKI  components.  A  third 
research  effort  is  explored  metrics  for  the  service  level  agreement  (SLA)  for  operational  services  relating  to 

the  PKI  that  are  required  for  the  Navy  Marine  Corps  Internet. 

PKI  training  within  the  DoD  was  examined  and  found  unable  to  provide  all  of  its  users  with  an 
adequate  level  of  general  understanding  of  the  system  as  a  whole,  or  of  the  implications  and  ramifications 
that  their  individual  actions  may  have  upon  the  system,  A  decentralized,  segmented,  and  inconsistent 
approach  to  PKI  training  will  result  in  a  lack  of  trust  within  the  PKI.  The  initial  requirements  and  design 
for  a  coherent  web-based  training  framework  for  the  DoD  PKI  were  developed.  A  prototype  was 
developed  for  further  testing  and  evaluation. 

Human  factors  in  the  perceived  and  actual  level  of  security  awareness  was  the  topic  of  another 
investigation.  A  survey  was  developed  to  assess  security  awareness  within  the  U.S.  Coast  Guard,  this  was 
followed  by  analysis  and  a  plan  to  improve  security  awareness  was  recommended. 

Highly  trustworthy  user  interfaces  for  an  open  source  operating  system  constituted  another  area  within 
the  scope  of  this  research.  The  objective  was  to  identify  all  of  the  mechanisms  within  the  keyboard 
interface  that  represent  trap  doors  in  the  open  source  system  and  to  modify  the  design  of  the  input 
subsystem  so  that  a  trustworthy  secure  attention  key  was  possible.  Additionally,  this  work  resulted  in  the 
development  of  a  state  representation  of  the  interface  that  could  be  used  for  subsequent  design  of  a  trusted 
path  interface. 

Using  the  Situational  Influence  Assessment  Module  (SIAM),  classical  risk  analysis  was  expanded  to 
increase  visualization  of  choices  that  impact  the  security  of  a  system,  in  this  case  a  firewall.  By  providing  a 
comparative  analysis  of  system  attributes  communications  between  decision  makers  and  technicians  is 
encouraged.  This  increased  understanding  of  the  impact  of  investment  choices  has  the  potential  to  increase 
the  security  posture  of  existing  systems. 

The  implications  of  the  use  of  human  microchip  implants  to  permit  radio  frequency  identification  of 
personnel  were  investigated.  This  work  included  a  survey  of  current  technologies  for  enhanced  user 
identification,  focusing  on  human  implant  approaches  and  a  summary  of  security,  privacy,  social  and 
ethical  issues  that  may  arise  from  the  use  of  these  technologies  in  the  U.S.  Navy.  It  was  found  that  the 
collateral  social  issues  are  complex  and  far-reaching.  Potentially  intractable  technical,  morale  and  legal 
issues  must  be  avoided  by  the  U.S,  Navy.  The  results  of  this  exploratory  work  show:  1)  technology  must 
be  examined  in  the  context  of  its  social  impact,  and  2)  there  is  a  valid  need  for  future  research  and  analysis 
of  human  microchip  implants. 

Research  into  platform  architectures  and  their  ability  to  support  secure  systems  involved  examination 
of  the  Intel  IA-64  platform.  Hardware  protection  mechanisms  were  examined  and  included  mechanisms 
for:  privilege  levels,  access  rights,  region  identifiers  and  protection  key  registers.  It  was  found  that  proper 
use  of  the  TLB-based  hardware  protection  features  permits  some  protection  in  the  IA-64  architecture. 

In  addition,  the  Intel  IA-64  architecture  was  analyzed  for  virtualizability  with  respect  to  the  three 
classical  virtual  machine  monitor  definitions  and  their  hardware  requirements.  Although  the  IA-64 
architecture  meets  the  three  hardware  requirements,  the  IA-64  instruction  set  contains  18  sensitive 
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unprivileged  instructions.  These  instructions  prevent  the  IA-64  architecture  from  being  used  for  a  Type  I 
VMM. 

A  study  of  Windows  2000  configuration  for  NPS  was  conducted  with  the  objective  of  describing  a 
secure  configuration  as  well  as  the  rationale  for  its  settings.  This  work  resulted  in:  (1)  brief  overview  of  the 
Microsoft  Windows  2000  security  architecture,  (2)  a  description  of  the  Windows  2000  Security 
Configuration  Tool  Kit  and  how  to  configure  security  settings,  (3)  a  discussion  on  security  policy  and  how 
it  effects  security  configurations,  (4)  recommendations  on  how  to  translate  the  Naval  Postgraduate  School's 
Security  Policy  into  Windows  2000  security  settings,  and  (5)  recommendations  on  a  pre-configured, 
security  template  for  all  students  attending  NPS. 

PUBLICATIONS: 

Irvine,  C.E.  and  Levin,  T.,  "Teaching  Security  Engineering  Principles,"  in  Armstrong,  H.  and  Yngstrom,  L., 
eds.,  IFIP  TC11  WG  11.8  Second  World  Conference  on  Information  Security  Education,  Perth,  Australia: 
Edith  Cowan  University,  pp.  1 13-127,  July  2001. 

Clark,  P.,  “Supporting  the  Education  of  Information  Assurance  with  a  Laboratory  Environment,” 
Proceedings  of  the  5th  National  Colloquium  for  Information  Systems  Security  Education,  May  200 1 . 

THESIS  DIRECTED: 

Brock,  J.,  “Supporting  the  Secure  Halting  of  User  Sessions  and  Processes  in  the  Unix  Operating  System,” 
Masters  Thesis,  Naval  Postgraduate  School,  June  2001. 

Brodhun,  C.P.,  “Prioritization  of  Information  Assurance  (LA)  Technology  in  a  Resource  Constrained 
Environment,”  Masters  Thesis,  Naval  Postgraduate  School,  September  200 1 . 

Gumke,  R.,  “Navy  Marine  Corp  Internet  Information  Assurance  Operational  Services  Performance 
Measures,”  Masters  Thesis,  Naval  Postgraduate  School,  June  2001. 

Jubert,  L.,  “Implications  of  User  Identification  Devices  (UEDs)  for  the  United  States  Navy,”  Masters 
Thesis,  Naval  Postgraduate  School,  September  2001. 

Karadeniz,  K,  “Analysis  of  Intel  IA-64  Processor  Support  for  a  Secure  Virtual  Machine  Monitor,”  Masters 
Thesis,  Naval  Postgraduate  School,  March  2001. 

McGovern,  S.,  “Information  Security  Requirements  for  a  Coalition  Wide  Area  Network,”  Masters  Thesis, 
Naval  Postgraduate  School,  June  2001. 

McKinley,  D.,  “Implementing  the  Naval  Postgraduate  School's  Security  Policy  Using  Windows  2000,” 
Masters  Thesis,  Naval  Postgraduate  School,  September  2001. 

Stocks,  A.,  “Requirements  for  the  Deployment  of  Public  Key  Infrastructure  (PKI)  in  the  USMC  Tactical 
Environment,”  Masters  Thesis,  Naval  Postgraduate  School,  June  2001. 

Unlamis,  B.,  “Analysis  of  the  Intel  IA-64  Processor  Support  for  Secure  Systems,”  Masters  Thesis,  Naval 
Postgraduate  School,  March  2001. 

Whalen,  T.,  “Human  Factors  in  Coast  Guard  Computer  Security  -  An  Analysis  of  Current  Awareness  and 
Potential  Techniques  to  Improve  Security  Program  Viability,”  Masters  Thesis,  Naval  Postgraduate  School, 
June  2001. 

Zembia,  M.,  “A  Training  Framework  for  the  Department  of  Defense  Public  Key  Infrastructure,”  Masters 
Thesis,  Naval  Postgraduate  School,  September  2001. 
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DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software,  Other  (Information  Assurance) 

KEYWORDS:  Computer  Security,  Information  System  Security,  INFOSEC,  Information  Assurance, 
Network  Security 

NPS  CISR  SCHOLARSHIP  FOR  SERVICE:  SCHOLARSHIP  TRACK 
Cynthia  E,  Irvine,  Associate  Professor 
Department  of  Computer  Science 
Sponsor:  National  Science  Foundation 

OBJECTIVE:  The  objective  of  the  proposed  work  is  to  provide  Masters  level  education  in  the  science  and 
practice  of  Information  Assurance  to  selected  students  who  would  subsequently  be  available  and  obligated 
to  perform  two  years  of  Federal  service  in  the  same  field, 

SUMMARY:  Students  with  undergraduate  computer  science  degrees  will  be  placed  into  a  specially 
designed  two-year  computer  security  track  within  the  Center  for  INFOSEC  Studies  and  Research  (CISR)  at 
the  Naval  Postgraduate  School,  This  four-year  Scholarship  for  Service  program  will  initiate  a  stream  of  ten 
students  per  year  for  the  first  three  years,  graduating  the  final  set  of  ten  students  at  the  end  of  the  fourth 
year. 

Through  courses  involving  extensive  laboratory  exercises  and  projects,  student  will  learn  how  to 
design,  build,  configure,  and  manage  systems  and  networks  securely.  During  their  two  years  of  study,  the 
program  will  provide  students  with  a  firm  grounding  in  the  foundations  of  computer  science  and  the 
concepts  and  techniques  for  understanding  modem  information  assurance. 

The  program  is  intended  to  have  a  significant  effect  toward*  filling  the  current  personnel  gap  in 
Information  Assurance  for  the  national  information  infrastructure, 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software,  Other  (Information  Assurance) 
KEYWORDS:  Computer  Security,  Information  Assurance,  Critical  Infrastructure  Protection 


PUBLIC  KEY  INFRASTRUCTURE  (PKI)  LABORATORY  EQUIPMENT  -  FY01 
PUBLIC  KEY  INFRASTRUCTURE  (PKI)  LABORATORY  SUPPORT  AND  EXTENSION 

Cynthia  E.  Irvine,  Associate  Professor 
J.D.  Fulp,  Lecturer 
Department  of  Computer  Science 

Sponsors:  National  Security  Agency  and  Office  of  the  Secretary  of  Defense 

OBJECTIVE:  (1)  This  proposal  is  for  Laboratory  equipment  in  support  of  the  Public  Key  Infrastructure 
(PKI)  Laboratory  operated  by  NPS  CISR,  This  laboratory  will  support  information  Assurance  (IA) 
education  and  a  forthcoming  cyber  defense  exercise.  (2)  This  proposal  is  for  laboratory  equipment  in 
support  of  the  Public  Key  Infrastructure  (PKI)  Laboratory  operated  by  NPS  CISR.  This  laboratory  will 
support  Information  Assurance  (IA)  education  and  a  forthcoming  Cyber  Defense  Exercise. 

SUMMARY:  The  NPS  CISR  PKI  Lab  provides  students  and  research  faculty  with  the  necessary  system 
resources  to  study  implementation  and  security  issues  relating  to  PKI,  Issues  include,  but  are  not  limited  to: 
1)  Implementation  of  the  various  PKI  functional  components  (e.g.,  Certificate  Authority/Server, 
Registration  Authority/Server,  Certificate  Revocation  List,  Key  Archival  and  Recovery,  etc.),  2) 
Interoperability  among  Do D  users,  3)  Interoperability  between  DoD  and  non-DoD  users,  4)  Public  Key 
enabling  of  applications,  and  5)  Certificate  Trust  Hierarchies  and  Relationships. 

Equipment  for  the  PKI  lab  was  initially  provided  in  February  of  2001  under  the  auspices  of  the  DoD 
PKI  Program  Management  Office  (PMO),  An  equipment  upgrade  was  funded  by  the  PMO  in  September  of 
2001.  To  provide  a  more  interesting  and  dynamic  venue  for  the  introduction  of  PKI  to  DoD  Service 
component  student  officers,  the  PMO  and  Service  School  representatives  embarked  on  a  plan  to  wrap  the 
usage  of  PKI  inside  a  student  run  IA  exercise  -  the  “Cyber-Defense  Exercise”  (CDE), 
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The  first  CDE  was  conducted  in  April  of  2001,  though  the  compressed  procurement-to-implementation 
timeframe  did  not  allow  integration  of  PKI  into  the  exercise.  NPS  was  judged  the  un-official  winner  of  the 
2001  CDE  based  upon  the  judgment  of  IW  professionals  from  the  NSA,  USAF,  and  US  Army  (collectively 
the  “Red  Team”)  who  conducted  a  week  long  barrage  of  offensive  exploits  against  each  school’s  network. 
The  “un-official”  win  status  is  due  to  NPS’  unique  status  as  the  only  postgraduate  competitor  in  the 
exercise. 

Planning  for  the  2002  CDE  has  been  ongoing  and  will  culminate  in  the  actual  attack/defend  phase 
during  the  week  of  22  April.  PKI  will  be  utilized  for  the  signing  and  encrypting  of  daily  situation  reports 
from  each  school  to  White  Team  (referee)  participants  at  Carnegie  Mellon  University.  The  situation  reports 
will  document  the  status  of  each  school’s  network  following  each  day’s  eight-hour  attack  period.  The 
reports  will  also  list  any  offensive  intrusion  exploits  that  were  logged  or  otherwise  identified  by  the 
defending  team.  The  winner  will  be  chosen  based  upon  two  criteria:  1)  The  accuracy  and  specificity  of  the 
situation  reports,  and  2)  The  relative  resistance  to,  and  ability  to  recover  from,  Red  Team  exploits. 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software,  Other  (Information  Assurance) 

KEYWORDS:  Computer  Security,  Network  Security,  Public  Key  Infrastructure  (PKI),  Authentication 


SECURITY-ENHANCED  WINDOWS  CE 
Cynthia  E.  Irvine,  Associate  Professor 
Department  of  Computer  Science 
Sponsors:  Microsoft  Corporation 

OBJECTIVE:  The  objective  of  the  Secure  Windows  CE  project  is  to  examine  the  data  protection  and  self 
protection  features  of  the  Windows  CE  Operating  System  and  to  develop  structural  modifications  and 
enhancements  to  the  Windows  CE  operating  system  that  would  increase  its  level  of  self  protection.  As  a 
result  users  would  have  greater  confidence  of  die  ability  of  Windows  CE  devices  to  withstand  attempts  to 
penetrate  or  subvert  them,  and  consequently  to  have  greater  confidence  in  the  ability  of  Windows  CE  to 
protect  data  entrusted  to  it. 

SUMMARY:  In  the  absence  of  source  code,  preliminary  studies  of  the  Windows  CE  system  in  the  form  of 
black  box  analysis.  Documents  from  the  open  literature  as  well  as  existing  systems  were  used  as  the  basis 
for  two  analyses. 

In  the  context  of  general  security  redesign  of  operating  systems  the  applicability  of  such  redesign  to  the 
Windows  CE  operating  system  was  explored.  The  operating  system  was  critically  examined  for  externally 
visible  security  weaknesses,  especially  in  the  Input/Output  subsystem  are&.  Recommendations  were  made 
for  improving  the  self-protection  of  Windows  CE. 

Threads  and  processes  in  WinCE,  as  well  as  authentication,  and  public  key  infrastructure  (PKI)  support 
were  examined.  It  was  found  that  Talisker,  the  next  generation  of  WinCE,  supports  Kerberos  an 
authentication  protocol,  and  it  also  supports  PKI  (a  key  management  system)  components.  Using  selected 
applications  and  configuration  management  security  on  a  Talisker  platform  can  be  significantly  enhanced 
beyond  that  usually  supplied  in  "out  of  the  box"  systems. 

THESIS  DIRECTED: 

Bums,  T.,  “Analyzing  Threads  and  Processes  in  Windows  CE,”  Masters  Thesis,  Naval  Postgraduate 
School,  September  2001. 

Pereira,  B.,  “Analyzing  Input/Output  Security  in  Windows  CE,”  Masters  Thesis,  Naval  Postgraduate 
School,  June  2001. 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software,  Other  (Information  Assurance) 

KEYWORDS:  Computer  Security,  Information  System  Security,  INFOSEC,  Information  Assurance, 
Network  SecuHty 


16 


PROJECT  SUMMARIES 


SIM  SECURITY 

Cynthia  E,  Irvine,  Associate  Professor 
Department  of  Computer  Science 
Sponsor:  Chief  of  Naval  Education  and  Training 

OBJECTIVE:  The  purpose  of  this  research  is  to  create  a  distance  learning  lab  to  support  hands-on 
learning,  working  with  or  without  distance  learning  modules,  focusing  on  the  subject  of  information 
assurance  (IA). 

SUMMARY:  This  project  is  ongoing.  The  following  summarizes  project  objectives.  The  purpose  of  this 
effort  is  to  create  a  distance  learning  lab  to  support  hands-on  learning,  working  with  or  without  distance 
learning  modules,  focusing  on  the  subject  of  information  assurance  (IA). 

The  lab  will  be  based  on  existing  course  material  that  meets  NSTISSC  Standard  401 1  as  well  as  all  or  part 
of  the  other  NSITISSC  Standards  pertinent  to  Information  Assurance. 

SimSecurity  will  package  an  Information  Assurance  laboratory  in  the  form  of  an  interactive  computer 
game  in  which  players  may  perform  various  roles  involved  in  IA:  manager,  security  administrator,  attacker, 
etc.  Through  the  use  of  agent-based  software  techniques,  the  laboratory  will  adapt  to  the  decision  or 
omissions  of  students,  providing  them  with  a  customized  learning  experience.  The  agent-based  software 
underlying  this  laboratory  facilitates  extensions  as  new  threats  and  countermeasures  in  the  real  world  IA 
landscape  evolve. 

The  laboratory  will  support  both  IA  Training  and  IA  Education,  It  can  be  used  in  an  ad  hoc  fashion  to 
teach  users  IA  concepts  and  vocabulary.  When  used  as  a  self-contained  laboratory  it  provides  an 
introduction  and  tutorial  providing  a  basic  introduction  to  IA  concepts  and  their  application.  When 
combined  with  a  course,  students  navigate  through  the  IA  lab  in  a  systematic  program.  When  used  in 
conjunction  with  learning  modules  and  courses,  such  as  those  developed  by  the  Center  for  INFOSEC 
Studies  and  Research  at  the  Naval  Postgraduate  School,  students  progress  through  a  rigorous  sequence  of 
labs  and  lectures  to  a  NSTISSC-based  certification  and/or  course  credit  from  NPS. 

A  model  of  Information  Assurance  and  a  series  of  scenarios  for  the  simulation  have  been  developed. 
Additional  details  of  the  model  and  scenarios  will  be  developed.  Initial  artwork  has  been  created  to  provide 
backdrops  for  several  scenarios. 
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OBJECTIVE:  The  objectives  of  this  project  are  to  provide  a  quantitative  assessment  of  the  value-added 
due  to  the  DMSO  data  engineering  and  Conceptual  Models  of  the  Mission  Space  (CMMS)  products  and  to 
provide  useful  measures  of  the  health  and  the  status  of  work  in  progress.  Ongoing  NPS  faculty  and 
graduate  students'  efforts  on  software  requirements  analysis  and  risk  reduction  were  leveraged  to  address 
these  objectives. 

SUMMARY:  The  assessment  addressed  the  value  added  by  DMSO  data  engineering  concepts  and  tools, 
as  well  as  metrics  to  support  cost  estimation,  scheduled  planning,  status  of  work  in  progress,  conceptual 
model  complexity,  and  software  defect  evaluation.  In  FY01,  we  focused  our  assessment  efforts  in  the 
following  areas:  (A)  effectiveness  of  software  risk  assessment  models,  (B)  enhancement  to  the  functional 
description  of  the  mission  space  resource  center,  (C)  the  use  of  XML  and  Wrapper-based  translators  for 
heterogeneous  DoD  databases,  and  (D)  metrics  for  systematically  evaluating  and  selecting  automated 
testing  tools. 
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A.  Quantitative  risk  assessment  for  software  development:  Investigation  continued  on  formal  risk 
assessment  models  for  the  evolutionary  software  process  and  their  application  to  DMSO  projects.  The 
methods  and  tools  were  analyzed  and  improved  to  assess  the  risk  and  the  duration  of  software  projects 
automatically,  based  on  measurements  (requirements  volatility,  production  team  efficiency,  and  product 
complexity)  that  can  be  obtained  early  in  the  development  .process.  These  metrics  eliminate  the  subjectivity 
issue  characteristic  of  previous  research.  Any  decision-maker  will  arriye  at  the  same  estimates,  independent 
of  his  or  her  expertise.  The  approach  enables  a  project  manager  to  evaluate  the  probability  of  project 
success  very  early  in  the  life  cycle.  For  more  than  twenty  years  the  estimation  standards  (COCOMO  81, 
COCOMO  II,  Putnam)  have  been  characterized  by  the  common  limitation  that  the  requirements  should  be 
frozen  in  order  to  make  estimations.  Our  models  remove  this  limitation,  facing  the  reality  that  requirements 
are  inherently  variable.  The  effectiveness  of  the  models  was  validated  by  comparing  the  results  of  the 
models  against  data  collected  from  16  simulated  projects  and  3  large,  real  projects. 

1.  Sixteen  Simulated  Projects:  The  simulations  showed  that  the  three  risk  factors  observed  during  the 

causal  analysis  (efficiency,  requirements  volatility,  and  complexity)  have  compound  effects  over 
the  three  parameters  of  the  Weibull  distribution.  The  results  of  the  models  were  illustrated  against 
16  simulated  projects.  Each  model  derives  an  increasing  degree  of  accuracy  based  on:  metrics 
from  the  three  risk  factors,  Weibull  cumulative  density  function,  and  the  derivation  of  the  time. 

•  Models  1-2:  Model  1  can  be  used  when  the  requirements  volatility  is  small.  Model  2 
considers  the  three  factors  (EF,  RV,  and  CX),  but  neglects  the  combined  effect  of  EF  and 
RV. 

•  Model  3:  Model  3,  illustrated  in  Figure  2,  considers  the  three  factors  as  well  as  the 
combined  effects  of  EF  and  RV.  The  analysis  of  variance  shows  that  the  samples  obtained 
from  the  simulations  and  the  samples  obtained  from  the  estimates  using  Model  1,  2  or  3 
cannot  be  statistically  differentiated. 

Another  interesting  result  is  that  the  errors  remain  in  the  range  of  (15%  for  all  of  the 
scenarios.  This  result  is  interesting  if  we  compare  it  with  the  results  of  COCOMO  ((20%  in 
the  best  cases).  Barry  Boehm  in  reference  to  the  validation  of  COCOMO  said,  "In  terms  of 
our  criterion  of  being  able  to  estimate  within  20%  of  projects  actuals,  Basic  COCOMO 
accomplishes  this  in  only  25%  of  the  time,  Intermediate  COCOMO  68%  of  the  time,  and 
Detailed  COCOMO  70%  of  the  time." 

•  Model  4:  Model  4,  can  be  used  for  any  range  of  complexity  and  requirements  volatility,  and 
considers  the  three  factors,  their  combined  effects,  and  the  following  a  priori  assumptions: 

*  A  project  with  0  LGC  will  take  0  days 

*  (,  (,  and  ( >  0 

*  If  RV  increases  the  p(x<=t)  decreases 

*  If  CX  increases  then  p(x<=t)  decreases 

*  If  EF  increases  then  p(x<=t)  increases 

The  scatter  plot  derived  compares  the  simulated  times  versus  the  estimated  times.  Most 
of  the  errors  are  overestimations  and  the  duration  of  the  project  has  ho  effect  over  the 
percentage  of  error.  Model  4  is  conservative.  The  maximum  overestimation  error  was  less 
than  16%  and  the  maximum  underestimation  was  less  than  4%. 

Model  4  gives  a  good  estimation  for  projects  between  4,000  and  20,000  LGC  (128  and 
640  KLOC  of  Ada).  The  estimation  seems  to  be  too  optimistic  for  projects  smaller  than 
1000  LGC  but  it  is  quite  good  for  larger  projects. 

2.  Uruguayan  Navy  Project:  Model  4  was  on  a  war-gaming  simulator  with  75,240  lines  of  code.  The 
software  was  made  up  of  1836  LGC  and  was  developed  in  1.5  years  by  the  Uruguayan  Navy. 
Model  4  predicts  17  months  instead  of  18  months,  the  actual  development  time. 

3.  U.S.  DoD  Project  A:  This  project  used  an  Evolutionary  Spiral  lifecycle  model.  It  used  Object- 
Oriented  methodology  and  was  composed  of  five  computer  software  configuration  items  written 
in  Ada.  It  was  real-time  embedded,  and  used  Rational  Rose  as  a  Computer  Aided  Software 
Engineering  tool  with  the  developer  operating  at  SEI  level  3.  In  addition,  software  metrics  from 
three  builds  over  a  period  of  three  years  had  been  kept. 

Model  4  was  used  to  calculate  the  probability  of  completion  curve  for  the  project.  For 
consistency,  we  used  working  days,  defined  as  22  days  per  month,  the  same  as  used  in  the  original 
Nogueira  model. 
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The  model  predicted  that  the  minimum  time,  in  days,  necessary  to  have  a  probability  of 
completion  of  100%  is  approximately  260  working  days.  When  compared  to  the  actual  time  it 
took,  which  was  336  working  days,  the  model  predicted  completion  sooner.  The  model  predicted 
76  working  days  less,  or  a  22.6%  delta;  (1  *  (260  /  336))  (100)  =  22,6%, 

At  this  point,  with  22.6%  variability,  we  decided  to  investigate  and  see  what  the  original 
estimated  completion  date  was  from  project  records.  The  original  estimation  was  200  working 
days,  with  the  project  schedule  slipping  136  working  days  for  build  3,  The  developer  missed  the 
original  completion  estimation  by  40.5%;  (1-  (200  /  336))  (100)  =  40.5%. 

The  Nogueira  model  missed  the  developer's  original  estimate  by  23.1%;  (l-(200  /  260))  (100) 
=  23.1%.  This  data  point  leaves  us  with  an  inconclusive  position  as  to  the  validation  of  the  model 
against  the  first  project.  It  appears  that  there  is  a  difference  when  using  projects  with  real  data 
versus  simulated  project  data,  reflecting  what  the  real  world  is  -  unpredictable. 

4.  U.S.  DoD  Project  B;  This  project  originally  used  an  incremental  build  lifecycle  model  and  not  an 
evolutionary  model.  It  originally  used  Functional  Decomposition  methodology  and  was  composed 
of  six  Computer  Software  Configuration  Items.  Written  in  ADA  and  assembly  language,  it  was 
real-time  embedded.  It  did  use  upper  CASE  tools,  like  Requirements  Traceability  Matrix  (RTM), 
however  did  not  use  lower  CASE  tools  such  as  Rational  Rose,  The  development  effort  initially 
was  performed  in  an  ad-hoc  manner  with  little  software  process  involved  and  had  experienced 
extreme  volatility  and  poor  metrics  early  in  its  development.  However,  due  to  a  major  restructure 
and  overhaul  of  the  project,  and  a  shift  of  focus  to  institutionalizing  software  processes,  (SEI 
CMM  level  3  certification),  the  project  migrated  to  ADA,  and  began  using  a  modified  Incremental 
Build  lifecycle  model.  In  addition,  suitable  software  metrics  from  two  recent  builds  were 
available.  We  used  Dr.  Nogueira's  Model  4  to  calculate  the  probability  of  completion  curve  for 
Build  2  using;  BR-2.59,  DR-3,04,  RV-5.63,  0=2544,  D-4G10,  T-1003,  The  model  predicted 
Impossible, 

Actual  time  for  build  2  took  from  4/24/00  until  7/10/00  or  68  working  days  at  22  working  days  a 
month.  We  believe  this  inconsistency  is  due  primarily  to  the  calculation  for  the  LGC  count  being 
based  on  all  six  Computer  Software  Configuration  Items  (CSCI).  Core  functionality  on  three 
CSCIs;  CSCI-A,  CSCI-B,  and  CSCI-C  had  been  previously  developed  and  validated.  However, 
the  builds  during  this  period,  involved  addition  of  functionality  to  the  following  CSCIs;  CSCLD, 
CSCI-E,  and  CSCI-F.  That  is,  build  2  was  modifying  only  a  portion  of  the  total  software  system 
code,  but  the  LGC  data  gives  a  view  of  all  six  CSCIs  combined. 

The  available  data  was  not  broken  down  into  separate  CSCIs,  nor  did  it,  post-mortem,  identify 
the  code  that  was  being  worked  in  a  previous  software  release.  We  cannot  fault  the  developer  for 
not  collecting  metrics  for  research  concepts  that  they  are  not  aware  of,  nor  do  we  believe  that  this 
type  of  data  collection  is  a  requirement  of  CMM  level  3. 

A  finding  of  this  research  is  the  need  to  adjust  the  CX  when  applying  the  Nogueira  model  to 
evolved  projects  that  are  developing  or  enhancing  only  a  portion  of  their  CSCJs. 

As  previously  stated,  this  project  did  not  utilize  a  lower  case  tool  such  as  Rational  Rose.  We 
believe  use  of  such  a  tool  is  essential  when  attempting  to  apply  the  Nogueira  formal  model,  as  it 
provides  the  capability  to  collect  detailed  information,  over  the  software  development  lifecycle. 
The  data  can  later  be  extracted  and  used  for  input  to  the  Nogueira  model  metrics. 

B,  Analysis  and  enhancement  to  the  functional  description  of  the  Mission  Space  Resource  Center;  DMSO 
developed  the  Functional  Description  of  the  Mission  Space  (FDMS)  Resource  Center  under  the  guidance  of 
Do D  5000.59-P,  DoD  Modeling  and  Simulation  Master  Plan.  The  FDMS  Resource  Center  provides  a 
controlled  repository  for  modeling  and  simulation  (M&S)  data  and  promotes  data  standardization  and 
reuse.  The  FDMS  Resource  Center  is  currently  functional  and  on-line  at  http://38.241. 48,9, 

Use  of  the  FDMS  Resource  Center  is  voluntary  on  the  part  of  DoD  M&S  organizations,  although 
maximum  use  of  the  Center  is  paramount  if  standardization  and  reuse  synergies  are  to  be  realized.  In  an 
effort  to  encourage  more  use  of  the  Resource  Center's  capabilities,  we  analyzed  the  Resource  Center, 
interviewed  the  Center's  principals,  and  developed  a  set  of  recommendations  governing  screenshots 
appearance,  data  workflow  control,  and  privilege  permission  selections  to  simplify  and  clarify  the  Center's 
user  process; 

1.  The  FDMS  libraries  will  refer  to  the  digital  files  in  its  repository  as  "products." 
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2.  The  Design  and  Create  Documents  screen  will  clarify  the  difference  between  "register"  and 
"submit." 

3.  The  Register  New  Products  screen  will  clearly  inform  the  user  of  his  options  regarding  creating 
registration  elements  or  registering  products. 

•  The  screen  will  present  the  user  with  two  options:  to  register  a  product  or  to  create  a 
registration  element. 

•  The  screen  will  briefly  define  "registration  element"  so  that  the  user  can  make  an  informed 
decision. 

4.  The  FDMS  system  will  control  the  creation  of  registration  elements. 

•  The  Producer  will  not  be  able  to  use  a  registration  element  and  it  will  not  be  visible  to  users 
other  than  the  Administrator  until  it  is  approved  by  the  governing  Sponsor. 

•  The  FDMS  system  will  overtly  notify  the  governing  Sponsor  and  Producer  during  the 

.  s  various  steps  in  creating  a  registration  element. 

•  The  Create  Registration  Element  screen  will  clearly  inform  the  user  how  to  create  a 
registration  element.  The  screen  will  have  a  clear  header  and  definition,  will  not  have 
misleading  underlining,  and  its  top  "Register"  button  will  be  labeled  to  reflect  its  true  "go 
back  one  screen"  function. 

5.  The  FDMS  system  will  control  the  submission  of  products  for  approval. 

•  The  system  will  overtly  notify  the  governing  Sponsor  and  Producer  during  the  various  steps 

in  the  submission  of  products  for  approval. 

•  The  top  "Register"  button  on  the  Register  Product(s)  screen  will  be  labeled  to  reflect  its  true 
"go  back  one  screen"  function. 

6.  The  Product/Registration  Element  Approval  screen  will  be  clear. 

•  The  screen  header  will  be  correctly  labeled. 

•  The  headers  of  the  first  and  second  columns  of  the  approval  table  will  read 
"Product/Registration  Element"  and  "Sponsor",  respectively. 

7.  The  headers  of  the  second  and  third  columns  of  the  approval  table  in  the  Product  Endorsement 
screen  will  read  "Sponsor"  and  "Endorsed",  respectively. 

8.  A  Sponsor  will  be  able  to  define  groups  and  assign  privileges  to  those  groups. 

•  A  Sponsor  will  be  able  to  create  and  modify  groups.  Each  group  will  have  a  unique  name. 
The  Sponsor  will  have  the  option  to  add  notes  or  explanatory  comments  about  a  group.  The 
system  will  display  the  names  of  users  so  that  the  Sponsor  can  select  user  names  from  the 
display  to  be  members  of  his  group.  A  Sponsor  will  have  the  option  of  allowing  other  users 
to  use  his  group  or  of  restricting  all  other  users  from  using  his  group. 

•  A  Sponsor  will  be  able  to  assign  FDMS  privileges  to  a  group  in  the  same  manner  as  he 
would  to  an  individual  user. 

The  implementation  of  these  recommendations  into  subsequent  versions  of  the  FDMS 
Resource  Center  will  significantly  improve  the  usability  of  the  web-based  repository  and  novice 
user’s  understanding  of  the  organization  and  functionality  of  the  FDMS  Resource  Center.  This,  in 
turn,  will  encourage  members  of  the  DoD  modeling  and  simulation  community  to  exploit  the 
Resource  Center  by  registering  and  analyzing  their  own  products  in  the  repository  and  by  reusing 
other  registered  products.  This  anticipated  synergy  will  directly  support  the  first  and  fourth 
objectives  of  the  draft  DoD  Modeling  and  Simulation  Master  Plan. 

C.  Evaluation  of  XML  and  Wrapper-based  translators  for  heterogeneous  DoD  databases:  In  today's  combat 
environment,  the  US  military  and  its  allies  find  themselves  in  the  midst  of  the  information  age  they  helped 
to  start.  This  information  and  applied  systems  abound  in  all  parts  of  the  services  and  at  locations  throughout 
the  globe.  To  influence  decisions,  commanders  and  their  respective  staffs  need  the  most  up-to-date 
information  available.  This  information  comes  from  various  sources,  but  especially  from  computer  systems, 
many  of  which  were  developed  over  the  last  few  decades  before  interoperability  became  a  concern.  These 
stovepipe  systems  cannot  pass  information  to  each  other  because  they  use  incompatible  message  sets.  We 
developed  an  object-oriented  model  for  a  "wrapper-based"  translator  to  resolve  the  representational 
differences  between  heterogeneous  systems  which  include:  (1)  an  integrated  development  environment  for 
users  to  create  such  models,  (2)  methods  for  determining  object  correspondence  during  system  integration, 
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and  (3)  the  use  of  the  Extensive  Markup  Language  (XML)  as  a  means  for  establishing  interoperability 
between  multiple  DoD  databases. 

D.  Metrics  for  measuring  the  effectiveness  of  software  testing  tools:  The  levels  of  quality,  maintainability, 
testability,  and  stability  of  software  can  be  improved  and  measured  through  the  use  of  automated  testing 
tools  throughout  the  software  development  process.  Automated  testing  tools  assist  software  engineers  to 
gauge  the  quality  of  software  by  automating  the  mechanical  aspects  of  the  software-testing  task.  Automated 
testing  tools  vary  in  their  underlying  approach,  quality,  and  ease-of-use,  among  other  characteristics. 
Evaluating  available  tools  and  selecting  the  most  appropriate  suite  of  tools  can  be  a  difficult  and  time- 
consuming  process.  We  proposed  a  suite  of  objective  metrics  for  measuring  tool  characteristics  as  an  aide 
in  systematically  evaluating  and  selecting  automated  testing  tools  for  both  procedural  and  object-oriented 
source  code. 

The  proposed  metrics  for  evaluating  testing  tools*  include: 

1.  Human  Interface  Design  (HID)  -  This  metric  measures  whether  the  tools  have  well  designed 
human  interfaces  to  enable  easy,  efficient,  and  accurate  setting  of  tool  configuration.  A  large  HID 
indicates  the  level  of  complexity  in  learning  the  tool's  procedures  and  the  likelihood  of  errors  in 
using  the  tool  over  a  long  period  of  time, 

2.  Maturity  &  Customer  Base  (MCB)  -  This  metric  measures  the  maturity  of  a  tool,  as  indicated  by 
the  customer  satisfaction  in  the  tool's  ability  to  adequately  test  their  software, 

3.  Tool  Management(TM)  -  This  metric  measures  the  ability  of  Automated  testing  tools  to  provide 
for  several  users  to  access  the  information  while  ensuring  proper  management  of  the  information. 

4.  Ease  of  Use  (EU)  -  Ease  of  use  accounts  for  the  learning  time  of  first-time  users,  retainability  of 
procedural  knowledge  for  frequent  and  casual  users,  and  operational  time  of  frequent  and  casual 
users. 

5.  User  Control  (UC)  -  This  metric  measures  the  ability  of  the  testing  tools  that  provide  users 
expansive  control  over  tool  operations.  It  enables  testers  to  effectively  and  efficiently  test  those 
portions  of  the  program  that  are  considered  to  have  a  higher  level  of  criticality,  have  insufficient 
coverage,  or  meet  other  criteria  determined  by  the  tester.  UC  is  defined  as  the  summation  of  the 
different  portions  and  combinations  of  portions  that  can  be  tested. 

6.  Test  Case  Generation  (TCG)  -  This  metric  measures  the  ability  of  the  test  tools  to  automatically 
generate  and  readily  modify  test  cases,  either  based  on  parsing  the  software  under  test  or  on 
modification  to  the  software  under  test. 

7.  Tool  Support  (TS)  -  This  metric  measures  the  degree  of  technical  support  provided  by  the 
vendor, 

8.  Estimated  Return  on  Investment  (EROI)  -  This  metric  measures  the  estimated  gain  in 
productivity,  software  quality,  and  testing  cost  reduction  against  cost  of  tool  investment, 

9.  Reliability  (Rel)  -  This  metric  measures  the  average  mean  time  between  tool  failures. 

10.  Maximum  Number  of  Classes  (MNC)  -  This  metric  measures  the  maximum  number  of  software 
classes  that  may  be  included  in  a  tool's  testing  project. 

11.  Maximum  Number  of  Parameters  (MNP)  -  This  metric  measures  the  maximum  number  of 
parameters  that  may  be  included  in  a  tool's  testing  project. 

12.  Response  Time  (RT)-  Time  required  to  conduct  a  test  case  on  specified  size  of  software. 

13.  Features  Support  (FS)  -  This  metric  measures  features  like  extensibility,  database  availability, 
integration  with  software  development  environment,  and  summary  report  generation. 

These  metrics  were  applied  to  the  three  testing-tool  suites.  During  the  process,  we  discovered  that 
several  of  the  metrics  are  quite  difficult,  if  not  impossible,  to  calculate  without  having  additional 
information  supplied  by  the  tool  vendor.  For  example,  if  a  vendor  has  not  conducted  a  study  on  the  tool's 
operational  retainability  by  its  users,  experiments  would  need  to  be  designed  and  conducted  to  evaluate  the 
performance  of  users  in  applying  the  tools.  If  a  vendor  does  not  have  statistics  on  its  average  response  time 
to  customer  support  requests,  calculating  the  measure  would  be  impossible.  Success  was  achieved  in 
applying  several  of  the  metrics  including  HID,  TCG,  and  reporting  features  (RF),  HID  measurements  were 
calculated  for  each  testing  tool  based  on  the  sub-metrics  of  average  keyboard-to-mouse  switches,  average 
input  fields  per  function,  average  length  of  input  fields,  and  button  recognition  when  applicable.  The  sub¬ 
metrics  demonstrated  non-coarseness  (different  values  were  measured),  finiteness  (no  metric  was  the  same 
for  all  tools),  and  non-uniqueness  (some  equal  values  were  obtained).  The  HID  measurements  were  all 
unique,  indicating  that  the  measurement  could  be  useful  in  comparing  tools  during  the  evaluation  and 
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selection  process.  TCG  measurements  also  provided  unique  measurements  for  each  tool.  Sub-metrics 
measuring  levels  of  automated  test-case  generation  and  test  case  reuse  functionality  demonstrated  the 
qualities  of  non-coarseness,  fmiteness,  and  non-uniqueness.  RF  measurements  were  also  successful.  It  is 
simple  to  determine  whether  a  tool  automatically  generates  summary  reports  (SR)  that  are  viewable  without 
the  tool  application  running  (e.g.,  HTML  or  ASCII  text  document).  The  RF  metric  is  non-coarse,  finite,  and 
non-unique.  However,  because  each  tool  earned  a  SR  score  of  one,  additional  testing  should  be  conducted 
to  determine  SR's  level  of  non-uniqueness. 
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DYNAMIC  ASSEMBLY  FOR  SYSTEMS  ADAPTABILITY,  DEPENDABILITY,  AND 
ASSURANCE  (DASADA)  PROJECT 
Luqi,  Professor 

Department  of  Computer  Science 
Sponsor:  Defense  Advanced  Research  Projects  Agency 

OBJECTIVE:  For  NPS  to  support  DARPA's  efforts  with  the  DASADA  project  in  software  technology 
and  development  for  future  adoption  in  military  systems.  The  expected  benefits  of  the  proposed  effort  are 
to  facilitate  the  transition  of  DASADA  technologies  to  military  applications,  to  prepare  young  officers  for 
technical  missions  involving  such  technologies,  and  to  lower  barriers  between  warfighters  and 
technologies.  It  is  an  investment  for  the  training  of  out  future  admirals 

SUMMARY:  Important  results  accomplished  in  2001  include: 

•  Conducted  critical  study  and  review  of  the  1 9  DASADA  proj  ects, 

•  Educated  DoD  engineers  and  military  officers  on  DASADA  technologies  via  distance  learning, 

•  Conducted  in-depth  case  study  of  one  the  EDP  programs, 

•  Developed  checklist  and  template  .for  DASADA  technology  evaluation, 

•  1  Developed  a  guide  to  help  DoD  managers  to  select  software  metrics  in  acquiring  new 

technologies  for  weapon  systems  software, 

A  review  of  the  DARP A  functional  requirements  listed  in  the  request  for  proposals  as  well  as  various 
DASADA  briefs,  white  papers,  periodicals,  and  other  DoD  on-line  resources  was  conducted.  In  addition, 
analysis  generated  from  the  DASADA  program  conference  held  at  the  Naval  Postgraduate  School^ 
Monterey,  CA  from  31  January-2  February  2001  was  completed.  An  in-depth  analysis  of  the  19  DASADA 
technologies  was  conducted  during  the  DARPA-sponsored  demonstration  held  in  Baltimore  4-5  June  2001. 

An  in-depth  study  of  the  Managed  Information  and  Network  Exchange  Router  (MINER)  program  was 
performed  and  a  template  was  developed  to  ensure  standardization  and  serve  as  a  metric  for  approval  or 
disapproval  of  the  implementation  of  the  DASADA  technology  in  a  specific  software  system.  The 
template  diagrams  the  software  architecture,  the  system  components,  desired  functionality,  and  logical 
relationship  among  components  with  respect  to  the  DASADA  technologies. 

During  the  fact-finding  efforts  at  the  "DASADA  Demo  Days"  in  Baltimore,  Maryland,  a  significant 
amount  of  insight  into  the  development  status  of  each  of  the  projects  as  well  as  comprehensive  information 
into  each  of  the  technologies  was  attained.  It  was  observed  that  some  of  the  projects  were  aggressively 
coordinating  with  other  technologies  as  well  as  working  with  an  Experimental  Demonstration  Project 
(EDP).  Several  projects  just  recently  matured  their  technology  to  the  point  where  they  were  going  to 
contact  one  of  the  EDPs  in  the  near  future  for  demonstration  purposes.  Lastly,  there  was  a  hand  full  of 
projects  that  were  not  even  close  to  the  development  level  to  demonstrate  their  projects  much  less  than 
working  with  an  EDP  in  the  near  future.  It  was  found  that  the  technologies,  which  are  currently 
coordinating  with  industry  on  the  development  of  embedded  software  systems,  are  the  most  applicable  to 
the  original  spirit  of  the  DASADA  Program.  These  technologies  include: 

•  MetaH  (modeling,  timing  analysis), 

•  UNCLE  (constraint  consistency  gauges), 

•  QRAM  (resource  allocation  gauges), 

•  IMPACT  (system  load  tracking  and  visualization), 

•  Proteus  (run  time  and  design  time  gauges  for  alternate  architecture  deployment). 

This  analysis  also  concludes  that  there  are  particular  web  and  network-based  systems  that  in  all 
likelihood  will  prove  to  be  of  considerable  benefit  to  DoD.  These  technologies  include: 

•  SIM-TABASSCO  (component  interoperability  gauges), 

•  Kinesthetics  extreme  (probes  and  gauges  for  runtime  monitoring  of  web-based  systems), 

•  Venice  tool  (design  time  component  assembly  tool). 

There  were  two  aspects  of  the  DASADA  program  that  warrant  mentioning  due  to  their  success;  the 
first  being  that  DARPA  deemed  the  best  method  to  achieve  the  program  objective  was  to  merge  academia 
with  DoD  projects  so  that  the  developing  technologies  had  readily  available  real-world  projects  to 
demonstrate  their  advanced  technological  capabilities.  The  second  aspect  was  the  exposure  to  DoD 
engineers  of  the  state-of-the-art  software  engineering  technology  that  the  DASADA  program  exemplifies 
during  the  DASADA  Winter  Principal  Investigator  (PI)  Meeting  in  January  2001.  To  facilitate  the  transfer 
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of  DASADA  technologies  to  DoD  users,  we  hosted  the  Winter  PI  meeting  at  the  Naval  Postgraduate 
School  and  arranged  over  40  DoD  engineers  and  military  officers  attended  the  meeting  via  distance 
learning. 

A  guide  was  also  developed  to  help  DoD  managers  on  selecting  the  most  effective  set  of  software 
metrics  to  help  DoD  managers  in  acquiring  new  technologies  for  weapon  systems  software.  The  guide  will 
be  useful  in  helping  DoD  Managers  to  acquire  future  DASADA  technologies. 

THESIS  DIRECTED: 

Mandak,  W.  and  Stowell,  C.,  "Dynamic  Assembly  for  System  Adaptability,  Dependability  and  Assurance 
(DASADA)  Project  Analysis,"  Masters  Thesis,  Naval  Postgraduate  School,  June  2001 . 

Ramgolam,  R.,  "A  Guide  to  Selecting  Software  Metrics  for  the  Acquisition  of  Weapon  Systems,"  Masters 
Thesis,  Naval  Postgraduate  School,  September  2001 . 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software 

KEYWORDS:  Software  Engineering,  DASADA 


ENGINEERING  AUTOMATION  FOR  RELIABLE  SOFTWARE 
Luqi,  Professor 

Department  of  Computer  Science 
Sponsor:  UJS.  Army  Research  Office 

OBJECTIVE:  This  research  addresses  the  problem  of  how  to  produce  reliable  software  that  is  also 
flexible  and  cost  effective  for  the  DoD  distributed  software  domain.  Current  and  future  DoD  software 
systems  fall  into  two  categories:  Information  systems  and  Warfighter  systems.  Both  kinds  of  systems  can 
be  distributed,  heterogeneous  and  network-based,  consisting  of  a  set  of  components  running  on  different 
platforms  and  working  together  via  multiple  communication  links  and  protocols.  It  was  proposed  to  tackle 
the  problem  with  a  "wrap  and  glue”  technology  that  is  based  on  a  domain  specific  distributed  prototype 
model.  The  key  to  make  this  approach  reliable,  flexible,  and  cost-effective  is  the  automatic  generation  of 
glue  and  wrappers  based  on  the  designer’s  specifications.  Glue  and  wrappers  are  software  that  bridge  the 
interoperability  gap  between  individual  COTS/GOTS  components.  Research  was  proposed  on  enabling 
technologies  for  this  approach  including  prototyping,  automatic  program  generation,  inference  for  design 
checking,  reliability  assessment,  and  reliability  improvement. 

SUMMARY:  The  work  focused  on  "wrap  and  glue"  technology  based  on  a  domain  specific  distributed 
prototype  model.  The  key  to  making  the  proposed  approach  reliable,  flexible,  and  cost-effective  is  the 
automatic  generation  of  glue  and  wrapper  software  based  on  a  designer’s  specification.  The  proposed  "wrap 
and  glue"  approach  allows  system  designers  to  concentrate  on  the  difficult  interoperability  problems  and 
defines  solutions  in  terms  of  deeper  and  more  difficult  interoperability  issues,  while  freeing  designers  from 
implementation  details.  The  objective  of  our  research  is  to  develop  an  integrated  set  of  formal  models  and 
methods  for  system  engineering  automation.  These  results  will  enable  building  decision  support  tools  for 
concurrent  engineering.The  research  addresses  complex  modular  systems  with  embedded  control  software 
and  real-time  requirements. 

The  longer-term  goals  are  to  construct  an  integrated  set  of  software  tools  that  can  improve  software 
quality  and  flexibility  by  automating  a  significant  part  of  the  process  and  providing  substantial  decision 
support  for  the  aspects  that  cannot  be  automated.  The  resulting  development  environment  should  be 
adaptable  to  enable  (1)  maintaining  integrated  support  in  the  presence  of  business  process  improvement,  (2) 
incorporation  of  future  improvements  in  engineering  automation  methods,  and  (3)  specialization  to 
particular  problem  domains. 

In  FY01,  models  and  methods  were  investigated  for  solving  the  integration  and  interoperability 
problems  in  component-based  distributed  heterogeneous  systems  development. 
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The  work  resulted  in  models  and  languages  for  specifying  the  architecture  of  distributed  heterogeneous 
systems  and  components,  as  well  as  technologies  and  tools  to  automate  the  integration  of  distributed 
heterogeneous  software  component  via  the  automatic  generation  of  glue  and  wrappers  from  specifications. 
An  object-oriented  model  for  a  wrapper-based  translator  was  developed  to  resolve  the  representational 
differences  between  heterogeneous  systems;  an  integrated  development  environment  for  users  to  create 
such  models;  methods  for  determining  object  correspondence  during  system  integration;  and  .the  use  of  the 
Extensive  Markup  Language  (XML)  as  a  means  for  establishing  interoperability  between  multiple  DoD 
databases.  Techniques  were  also  developed  for  decision  support  for  optimizing  distributed  object  servers 
utilization,  as  well  as  the  use  software  decoys  to  improve  the  security  of  distributed  heterogeneous  systems. 

In  addition,  formal  risk  assessment  models  were  investigated  for  the  evolutionary  software  process. 
Methods  and  tools  were  formulated  to  assess  the  risk  and  the  duration  of  software  projects  automatically, 
based  on  measurements  (requirements  volatility,  production  team  efficiency,  and  product  complexity)  that 
can  be  obtained  early  in  the  development  process.  The  effectiveness  of  the  models  was  validated  by 

comparing  the  results  of  the  models  against  data  collected  from  3  large  real  projects  and  16  simulated 
projects. 

Investigators  worked  with  the  U.S.  Army  TACOM  to  develop  formal  models  and  methods  to  assess 
the  maturity/risk  of  emerging  software  technologies  and  to  assist  managers  to  size  the  software  technology 
infrastructure, 
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IMPROVED  SOFTWARE  TECHNOLOGY  FOR  THE  NEXT  GENERATION  AIRCRAFT 

CARRIER 
Luqi,  Professor 

Department  of  Computer  Science 
Sponsor:  Naval  Sea  Systems  Command 

OBJECTIVE:  The  objective  of  the  proposed  project  is  to  improve  software  technology  in  areas  of  concern 
to  NAVSEA,  and  to  apply  the  results  to  software  issues  arising  in  future  aircraft  carriers  such  as  CVX.  For 
example,  we  will  investigate  better  ways  to  achieve  software  interoperability  among  aircraft  carrier 
systems,  and  to  identify  and  mitigate  software-related  risk  factors  in  the  early  stages  of  the  project,  when 
requirements  are  fluid  and  detailed  designs  are  not  yet  available. 

SUMMARY:  A.  XML  and  Wrapper-based  translators  for  system  interoperability:  In  today's  combat 
environment,  the  U.S.  military  and  its  allies  find  themselves  in  the  midst  of  the  information  age  they  helped 
to  start.  This  information  and  applied  systems  abound  in  all  parts  of  the  services  and  at  locations  throughout 
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the  globe.  To  influence  decisions,  commanders  and  their  respective  staffs  need  the  most  up-to-date 
information  available.  This  information  comes  from  various  sources,  but  especially  from  computer  systems, 
many  of  which  were  developed  over  the  last  few  decades  before  interoperability  became  a  concern.  These 
stovepipe  systems  cannot  pass  information  to  each  other  because  they  use  incompatible  message  sets.  ’ 

An  object-oriented  model  for  a  "wrapper-based"  translator  was  developed  to  resolve  the 
representational  differences  between  heterogeneous  systems,  which  solves  the  data  and  operation 
inconsistency  problem  in  legacy  systems  based  on  an  Object-Oriented  Model  for  Interoperability  (OOMI), 
A  Federation  Interoperability  Object  Model  (FIOM)  is  defined  for  a  specific  federation  of  systems 
designated  for  interoperation.  The  data  and  operations  to  be  shared  between  systems  are  captured  in  a 
number  of  Federation  Interoperability  Classes  (FICs)  used  to  define  the  interoperation  between  legacy 
systems.  Software  wrappers  are  generated  according  to  the  FIOM  that  enable  automated  translation 
between  different  data  representations  and  operation  implementations.  We  also  studied  the  use  of  XML- 
based  message  translation  for  implementation  of  the  proposed  model.  The  capability  provided  by  the  XML 
family  of  tools  coincides  nicely  with  the  requirement  for  data  and  operation  representation  capture  and 
translation. 

B,  Interoperability  model  for  re-engineering  legacy  software:  Legacy  software  systems  in  the  Department 
of  Defense  (DoD)  have  been  evolving  and  are  becoming  increasingly  complex  while  providing  more 
functionality.  The  shortage  of  original  software  designs,  lack  of  corporate  knowledge  and  software  design 
documentation,  unsupported  programming  languages,  and  obsolete  real-time  operating  system  and 
development  tools  have  become  critical  issues  for  the  acquisition  community.  Consequently,  these  systems 
are  now  very  costly  to  maintain  and  upgrade  in  order  to  meet  current  and  future  functional  and 
nonfunctional  requirements. 

A  new  interoperability  model  for  re-engineering  of  old  procedural  software  of  the  Multifunctional 
Information  Distributed  System  Low  Volume  Terminal  (MIDS-LVT)  to  a  modem  object-oriented 
architecture  was  developed.  In  the  MIDS-LVT  modernization  acquisition  strategy,  only  one  Computer 
Software  Configuration  Item  (CSCI)  component  at  a  time  will  be  redesigned  into  an  object-oriented 
program  while  interoperability  with  other  unmodified  CSCIs  in  the  MIDS-LVT  distributed  environment 
must  be  maintained.  Using  this  model,  each  legacy  CSCI  component  can  be  redesigned  independently 
without  affecting  the  others.  Lessons  learned  from  this  re-engineering  effort  will  benefit  future  integration 
of  legacy  software  in  CVX  and  other  DoD  systems. 

C.  Quantitative  risk  assessment  for  software  development:  Formal  risk  assessment  models  and  methods  for 
the  evolutionary  software  process  and  their  application  to  CVX  and  DoD  projects  were  investigated.  The 
methods  and  tools  to  assess  the  risk  and  the  duration  of  software  projects  automatically  were  analyzed  and 
tested,  based  on  measurements  (requirements  volatility,  production  team  efficiency,  and  product 
complexity)  that  can  be  obtained  early  in  the  development  process.  These  metrics  eliminate  the  subjectivity 
issue  characteristic  of  previous  research.  Any  decision-maker  will  arrive  at  the  same  estimates,  independent 
of  his  or  her  expertise.  The  approach  enables  a  project  manager  to  evaluate  the  probability  of  project 
success  very  early  in  the  life  cycle.  For  more  than  twenty  years  the  estimation  standards  (COCOMO  81, 
COCOMO  II,  Putnam)  have  been  characterized  by  the  common  limitation  that  the  requirements  should  be 
frozen  in  order  to  make  estimations.  The  models  remove  this  limitation,  facing  the  reality  that  requirements 
are  inherently  variable.  The  effectiveness  of  the  models  was  validated  by  comparing  the  results  of  the 
models  against  data  collected  from  16  simulated  projects  and  3  large,  real  projects. 

1,  Sixteen  Simulated  Projects:  The  simulations  showed  that  the  three  risk  factors  observed  during  the 
causal  analysis  (efficiency,  requirements  volatility,  and  complexity)  have  compound  effects  over 
the  three  parameters  of  the  Weibull  distribution.  The  results  of  the  models  were  illustrated  against 
16  simulated  projects.  Each  model  derives  an  increasing  degree  of  accuracy  based  on:  metrics 
from  the  three  risk  factors,  Weibull  cumulative  density  function,  and  the  derivation  of  the  time, 

•  Models  1-2:  Model  I  can  be  used  when  the  requirements  volatility  is  small.  Model  2 
considers  the  three  factors  (EF,  RV,  and  CX),  but  neglects  the  combined  effect  of  EF  and 
RV.  Figure  1  illustrates  the  results  of  the  models  that  were  calculated  using  95%  of 
confidence  (p—0.95).  Note  the  errors  as  vertical  segments  between  the  estimated  and  real 
values, 

•  Model  3:  Model  3,  illustrated  in  Figure  2,  considers  the  three  factors  as  well  as  the 
combined  effects  of  EF  and  RV,  The  analysis  of  variance  shows  that  the  samples  obtained 
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from  the  simulations  and  the  samples  obtained  from  the  estimates  using  Model  1,  2  or  3 
cannot  be  statistically  differentiated. 

Another  interesting  result  is  that  the  errors  remain  in  the  range  of  ±15%  for  all  of  the 
scenarios.  This  result  is  interesting  if  we  compare  it  with  the  results  of  COCOMO  (±20%  in 
the  best  cases).  Barry  Boehm  in  reference  to  the  validation  of  COCOMO  said,  "In  terms  of 
our  criterion  of  being  able  to  estimate  within  20%  of  projects  actuals,  Basic  COCOMO 
accomplishes  this  in  only  25%  of  the  time,  Intermediate  COCOMO  68%  of  the  time,  and 
Detailed  COCOMO  70%  of  the  time." 

•  Model  4:  Model  4,  Figure  2,  can  be  used  for  any  range  of  complexity  and  requirements 
volatility,  and  considers  the  three  factors,  their  combined  effects,  and  the  following  a  priori 
assumptions: 

■"A  project  with  0  LGC  will  take  0  days 

*  (,  (,  and  ( >  0 

*  If  RV  increases  the  p(x<=t)  decreases 

*  If  CX  increases  then  p(x<=t)  decreases 

*  If  EF  increases  then  p(x<=t)  increases 

The  scatter  plot  derived  compares  the  simulated  times  versus  the  estimated  times.  Most 
of  the  errors  are  overestimations  and  the  duration  of  the  project  has  no  effect  over  the 
percentage  of  error.  Model  4  is  conservative.  The  maximum  overestimation  error  was  less 
than  16%  and  the  maximum  underestimation  was  less  than  4%. 

Model  4  gives  a  good  estimation  for  projects  between  4,000  and  20,000  LGC  (128  and 
640  KLOC  of  ADA).  The  estimation  seems  to  be  too  optimistic  for  projects  smaller  than 
1000  LGC  but  it  is  quite  good  for  larger  projects. 

2.  Uruguayan  Navy  Project:  Model  4  was  applied  on  a  war-gaming  simulator  with  75,240  lines  of 
code.  The  software  was  made  up  of  1836  LGC  and  was  developed  in  1.5  years  by  the  Uruguayan 
Navy.  Model  4  predicts  17  months  instead  of  18  months,  the  actual  development  time. 

3.  U.S.  DoD  Project  A:  This  project  used  an  Evolutionary  Spiral  lifecycle  model.  It  used  Object- 
Oriented  methodology  and  was  composed  of  five  computer  software  configuration  items  written 
in  ADA.  It  was  real-time  embedded,  and  used  Rational  Rose  as  a  Computer  Aided  Software 
Engineering  tool  with  the  developer  operating  at  SEI  level  3.  In  addition,  software  metrics  from 
three  builds  over  a  period  of  three  years  had  been  kept. 

Model  4  was  used  to  calculate  the  probability  of  completion  curve  for  the  project.  For 
consistency,  we  used  working  days,  defined  as  22  days  per  month,  the  same  as  used  in  the  original 
Nogueira  model. 

The  model  predicted  that  the  minimum  time,  in  days,  necessary  to  have  a  probability  of 
completion  of  100%  is  approximately  260  working  days.  When  compared  to  the  actual  time  it 
took,  which  was  336  working  days,  the  model  predicted  completion  sooner.  The  model  predicted 
76  working  days  less,  or  a  22.6%  delta:  (1  -  (260  /  336))  (100)  =  22.6%. 

At  this  point,  with  22.6%  variability,  we  decided  to  investigate  and  see  what  the  original 
estimated  completion  date  was  from  project  records.  The  original  estimation  was  200  working 
days,  with  the  project  schedule  slipping  136  working  days  for  build  3.  The  developer  missed  the 
original  completion  estimation  by  40.5%:  (1-  (200  /  336))  (100)  =  40.5%. 

The  Nogueira  model  missed  the  developer's  original  estimate  by  23.1%:  (1-(200  /  260))  (100) 
=  23.1%. 

This  data  point  leaves  us  with  an  inconclusive  position  as  to  the  validation  of  the  model  against 
the  first  project.  It  appears  that  there  is  a  difference  when  using  projects  with  real  data  versus 
simulated  project  data,  reflecting  what  the  real  world  is  -  unpredictable. 

4.  U.S.  DoD  Project  B:  This  project  originally  used  an  incremental  build  lifecycle  model  and  not  an 
evolutionary  model.  It  originally  used  Functional  Decomposition  methodology  and  was  composed 
of  six  Computer  Software  Configuration  Items.  Written  in  ADA  and  assembly  language,  it  was 
real-time  embedded.  It  did  use  upper  CASE  tools,  like  Requirements  Traceability  Matrix  (RTM), 
however  did  not  use  lower  CASE  tools  such  as  Rational  Rose.  The  development  effort  initially 
was  performed  in  an  ad-hoc  manner  with  little  software  process  involved  and  had  experienced 
extreme  volatility  and  poor  metrics  early  in  its  development.  However,  due  to  a  major  restructure 
and  overhaul  of  the  project,  and  a  shift  of  focus  to  institutionalizing  software  processes,  (SEI 
CMM  level  3  certification),  the  project  migrated  to  Ada,  and  began  using  a  modified  Incremental 
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Build  lifecycle  model.  In  addition,  suitable  software  metrics  from  two  recent  builds  were 
available.  We  used  Dr,  Nogueira’s  Model  4  to  calculate  the  probability  of  completion  curve  for 

Build  2  using;  BR=2.59,  DR=3.04,  RV=5.63,  0=2544,  D=4010,  T=1003.  The  model  predicted 
Impossible. 

Actual  time  for  build  2  took  from  4/24/00  until  7/10/00  or  68  working  days  at  22  working  days 
a  month.  We  believe  this  inconsistency  is  due  primarily  to  the  calculation  for  the  LGC  count 
being  based  on  all  six  Computer  Software  Configuration  Items  (CSCI).  Core  functionality  on  three 
CSCIs;  CSCI-A,  CSCI-B,  and  CSCI-C  had  been  previously  developed  and  validated.  However, 
the  builds  during  this  period,  involved  addition  of  functionality  to  the  following  CSCIs:  CSCI-d] 
CSCI-E,  and  CSCI-F.  That  is,  build  2  was  modifying  only  a  portion  of  the  total  software  system 
code,  but  the  LGC  data  gives  a  view  of  all  six  CSCIs  combined. 

The  available  data  was  not  broken  down  into  separate  CSCIs,  nor  did  it,  post-mortem,  identify 
the  code  that  was  being  worked  in  a  previous  software  release.  We  cannot  fault  the  developer  for 
not  collecting  metrics  for  research  concepts  that  they  are  not  aware  of,  nor  do  we  believe  that  this 
type  of  data  collection  is  a  requirement  of  CMM  level  3. 

A  finding  of  this  research  is  the  need  to  adjust  the  CX  when  applying  the  Nogueira  model  to 
evolved  projects  that  are  developing  or  enhancing  only  a  portion  of  their  CSCIs. 

As  previously  stated,  this  project  did  not  utilize  a  lower  case  tool  such  as  Rational  Rose.  We 
believe  use  of  such  a  tool  is  essential  when  attempting  to  apply  the  Nogueira  formal  model,  as  it 
provides  the  capability  to  collect  detailed  information,  over  the  software  development  lifecycle. 
The  data  can  later  be  extracted  and  used  for  input  to  the  Nogueira  model  metrics. 

D.  Metrics  for  Weapon  Systems  Acquisition:  Modernization  of  Department  of  Defense  (DoD)  weapon 
systems  has  resulted  in  an  ever-increasing  dependence  on  software.  Despite  technological  advances  in  the 
software  field,  software  development  remains  costly  and  one  of  the  highest  risk  factors  on  most  weapon 
system  programs.  The  use  of  software  metrics  is  a  methodology  for  mitigating  this  uncertainty  so  that 
software  development  progresses  under  informed  decision  making.  Software  metrics  are  essential  tracking 
tools  used  by  program  managers  to  monitor  and  control  risk  areas.  However,  the  choice  of  metrics  for  a 
program  is  critical  to  their  usefulness.  We  developed  a  guide  to  acquisition  managers  on  selecting  the  most 
effective  metrics  to  use  in  management  of  weapon  system  software.  The  study  identified  key  issues  in  the 
use  of  software  metrics  experienced  by  program  managers,  and  recommends  a  revised  set  of  metrics  and 
improvements  to  the  use  of  metrics  based  on  innovations  and  improvements  in  the  software  field  as  well  as 
software  estimation  tools  that  facilitate  the  use  of  these  software  metrics, 

E.  Electronic  maneuvering  board  and  dead  reckoning  tracer  decision  aid  for  the  Officer  of  the  Deck:  The 
U.S.  Navy  currently  bases  the  majority  of  our  contact  management  decisions  around  a  time  and  manning 
intensive  paper-based  Maneuvering  Board  process.  Additional  manning  requirements  are  involved  on  many 
Naval  Ships  in  order  to  accurately  convey  the  information  to  the  OOD  and/or  the  Commanding  Officer. 
When  given  situations  where  there  exist  multiple  contacts,  the  current  system  is  quickly  overwhelmed  and 
may  not  provide  Decision-Makers  a  complete  and  accurate  picture  in  a  timely  manner. 

A  stand-alone  system  was  developed  that  provides  timely  and  accurate  contact  information  for 
decision-makers.  By  creating  a  reliable,  automated  system  in  a  format  that  is  familiar  to  all  Surface  Warfare 
Officers  we  will  provide  the  Navy  with  a  valuable  decision-making  tool,  while  increasing  ease  of  data 
exchange  and  reducing  current  redundancies  and  manning  inefficient  practices. 

The  software  design  is  based  upon  the  Unified  Modeling  Language  (UML).  UML  allows  us  to 
construct  a  software  model  that  is  supported  by  the  ADA  programming  language.  Our  design  is  based  upon 
these  fundamental  tenants:  Non-Operating  System  dependent,  Non-Hardware  System  dependent, 
Extensible  and  Modular  design.  ADA  provides  a  certified  compiler,  making  our  code  robust  and  assuring 
the  "buyer"  that  the  program  does  what  we  advertise  it  to  do. 

F.  Metrics  for  measuring  the  effectiveness  of  software  testing  tools:  The  levels  of  quality,  maintainability, 
testability,  and  stability  of  software  can  be  improved  and  measured  through  the  use  of  automated  testing 
tools  throughout  the  software  development  process.  Automated  testing  tools  assist  software  engineers  to 
gauge  the  quality  of  software  by  automating  the  mechanical  aspects  of  the  software-testing  task.  Automated 
testing  tools  vary  in  their  underlying  approach,  quality,  and  ease-of-use,  among  other  characteristics. 
Evaluating  available  tools  and  selecting  the  most  appropriate  suite  of  tools  can  be  a  difficult  and  time- 
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consuming  process.  We  proposed  a  suite  of  objective  metrics  for  measuring  tool  characteristics  as  an  aide 
in  systematically  evaluating  and  selecting  automated  testing  tools  for  both  procedural  and  object-oriented 
source  code. 

The  proposed  metrics  for  evaluating  testing  tools  include: 

1.  Human  Interface  Design  (HID)  -  This  metric  measures  whether  the  tools  have  well  designed 
human  interfaces  to  enable  easy,  efficient,  and  accurate  setting  of  tool  configuration.  A  large  HID 
indicates  the  level  of  complexity  in  learning  the  tool's  procedures  and  the  likelihood  of  errors  in 
using  the  tool  over  a  long  period  of  time. 

2.  Maturity  &  Customer  Base  (MCB)  -  This  metric  measures  the  maturity  of  a  tool,  as  indicated  by 
the  customer  satisfaction  in  the  tool's  ability  to  adequately  test  their  software. 

3.  Tool  Management(TM)  -  This  metric  measures  the  ability  of  Automated  testing  tools  to  provide 
for  several  users  to  access  the  information  while  ensuring  proper  management  of  the  information. 

4.  Ease  of  Use  (EU)  -  Ease  of  use  accounts  for  the  learning  time  of  first-time  users,  retainability  of 
procedural  knowledge  for  frequent  and  casual  users,  and  operational  time  of  frequent  and  casual 
users. 

5.  User  Control  (UC)  -  This  metric  measures  the  ability  of  the  testing  tools  that  provide  users 
expansive  control  over  tool  operations.  It  enables  testers  to  effectively  and  efficiently  test  those 
portions  of  the  program  that  are  considered  to  have  a  higher  level  of  criticality,  have  insufficient 
coverage,  or  meet  other  criteria  determined  by  the  tester.  UC  is  defined  as  the  summation  of  the 
different  portions  and  combinations  of  portions  that  can  be  tested. 

6.  Test  Case  Generation  (TCG)  -  This  metric  measures  the  ability  of  the  test  tools  to  automatically 
generate  and  readily  modify  test  cases,  either  based  on  parsing  the  software  under  test  or  on 
modification  to  the  software  under  test. 

7.  Tool  Support  (TS)  -  This  metric  measures  the  degree  of  technical  support  provided  by  the 

vendor.  • 

8.  Estimated  Return  on  Investment  (EROI)  -  This  metric  measures  the  estimated  gain  in 
productivity,  software  quality,,  and  testing  cost  reduction  against  ctfst  of  tool  investment. 

9.  Reliability  (Rel)  -  This  metric  measures  the  average  mean  time  between  tool  failures. 

10.  Maximum  Number  of  Classes  (MNC)  -  This  metric  measures  the  maximum  number  of  software 
classes  that  may  be  included  in  a  tool's  testing  project. 

11.  Maximum  Number  of  Parameters  (MNP)  -  This  metric  measures  the  maximum  number  of 
parameters  that  may  be  included  in  a  tool's  testing  project. 

12.  Response  Time  (RT)-  Time  required  to  conduct  a  test  case  on  specified  size  of  software. 

13.  Features  Support  (FS)  -  This  metric  measures  features  like  extensibility,  database  availability, 
integration  with  software  development  environment,  and  summary  report  generation. 

These  metrics  were  applied  to  the  three  testing-tool  suites.  During  the  process,  we  discovered  that 
several  of  the  metrics  are  quite  difficult,  if  not  impossible,  to  calculate  without  having  additional 
information  supplied  by  the  tool  vendor.  For  example,  if  a  vendor  has  not  conducted  a  study  on  the  tool's 
operational  retainability  by  its  users,  experiments  would  need  to  be  designed  and  conducted  to  evaluate  the 
performance  of  users  in  applying  the  tools.  If  a  vendor  does  not  have  statistics  on  its  average  response  time 
to  customer  support  requests,  calculating  the  measure  would  be  impossible.  Success  was  achieved  in 
applying  several  of  the  metrics  including  HID,  TCG,  and  reporting  features  (RF).  HID  measurements  were 
calculated  for  each  testing  tool  based  on  the  sub-metrics  of  average  keyboard-to-mouse  switches,  average 
input  fields  per  function,  average  length  of  input  fields,  and  button  recognition  when  applicable.  The  sub¬ 
metrics  demonstrated  non-coarseness  (different  values  were  measured),  finiteness  (no  metric  was  the  same 
for  all  tools),  and  non-uniqueness  (some  equal  values  were  obtained).  The  HID  measurements  were  all 
unique,  indicating  that  the  measurement  could  be  useful  in  comparing  tools  during  the  evaluation  and 
selection  process.  TCG  measurements  also  provided  unique  measurements  for  each  tool.  Sub-metrics 
measuring  levels  of  automated  test-case  generation  and  test  case  reuse  functionality  demonstrated  the 
qualities  of  non-coarseness,  finiteness,  and  non-uniqueness.  Reporting  features  (RF)  measurements  were 
also  successful.  It  is  simple  to  determine  whether  a  tool  automatically  generates  summary  reports  (SR)  that 
are  viewable  without  the  tool  application  running  (e.g.,  HTML  or  ASCII  text  document).  The  RF  metric  is 
non-coarsc,  finite,  and  non-unique.  However,  because  each  tool  earned  a  SR  score  of  one,  additional  testing 
should  be  conducted  to  determine  SR's  level  of  non-uniqueness. 
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MONTEREY  WORKSHOP  2001  -  ENGINEERING  AUTOMATION  FOR  SOFTWARE 
INTENSIVE  SYSTEM  INTEGRATION 
Luqi,  Professor 

Department  of  Computer  Science 

Sponsors:  Office  of  Naval  Research,  Defense  Advanced  Research  Projects  Agency, 

U.S.  Army  Research  Office,  U.S.  Air  Force  Office  of  Scientific  Research  , 

OBJECTIVE:  This  workshop  is  aimed  at  the  dissemination  and  integration  of  recent  research  results 
related  to  the  production  of  reliable  cost-effective  software  for  DoD  in  heterogeneous  environments.  A 
major  goal  for  this  workshop  is  to  help  the  software  engineering  community  focus  on  issues  that  are  vital  to 
improving  the  state  of  software  engineering  practice.  This  workshop  focuses  on  all  topics  related  to 
supporting  engineering  automation  of  reliable  cost-effective  integrated  distributed  software  development 
processes.  The  purposes  of  the  workshop  are  to  assess  current  research  efforts  in  this  area,  to  identify 
results  and  directions  that  can  increase  the  degree  of  automation,  to  aid  tool  integration  by  building  a 
common  understanding,  and  to  increase  the  practical  use  of  formal  methods. 

SUMMARY:  The  2001  Monterey  Workshop  on  Engineering  Automation  for  Software  Intensive  System 
Integration  is  the  8th  in  a  series  of  International  workshops.  The  workshop  was  held  in  Monterey, 
California  during  18-22  June  2001.  The  general  theme  of  the  workshop  has  been  to  present  and  discuss 
research  works  that  aims  at  increasing  the  practical  impact  of  formal  methods  for  software  and  systems 
engineering.  The  particular  focus  of  this  workshop  was  "Engineering  Automation  for  Software  Intensive 
System  Integration."  Previous  workshops  have  been  focused  on  issues  including,  "Real-time  and 
Concurrent  Systems,"  "Software  Merging  and  Slicing,"  "Software  Evolution,"  "Software  Architecture," 
"Requirements  Targeting  Software,"  and  "Modeling  Software  System  Structures  in  a  Fast  Moving 
Scenario." 

A  major  goal  for  this  series  of  workshops  is  to  encourage  the  software  engineering  community  in 
general  to  improve  interaction  between  researchers  and  engineering  practitioners.  The  workshop  has  long 
established  itself  as  a  summit  where  researchers  from  academics  and  industries  can  exchange  recent  results, 
assess  their  significance  and  earn  motivation  for  transferring  the  relevant  results  to  practice.  This  indeed  is 
a  forum  where  software  engineers  may  communicate  current  problems  in  engineering  practice  to 
researchers  and  help  focus  to  bridge  the  gap  between  the  theoretical  and  practical  sides  of  the  subject. 

It  is  no  longer  the  case  that  theoretical  foundations  for  computing  are  lacking.  However,  keeping  in 
mind  the  challenge  to  put  these  results  to  work,  the  formal  aspects  of  computing  cannot  be  studied  in 
isolation  in  the  context  of  software  engineering.  The  need  to  ensure  that  the  assumptions  on  which  formal 
models  are  based  are  consistent  with  the  situations  encountered  in  practical  applications  puts 
interdisciplinary  requirements  on  researchers  and  lends  importance  to  interactions  between  experts  from 
heterogeneous  backgrounds. 

This  year,  apart  from  the  distinguished  panel  of  invited  speakers,  we  have  accepted  contributed  papers 
mainly  to  encourage  the  emerging  researchers  in  software  engineering.  This  has  widened  the  scope  of 
discussion  and  the  sessions  were  highly  interactive  and  rich  with  intellectual  frictions  in  opinion  from  a 
broad  range  of  experts.  Members  of  the  academic,  government,  military  and  commercial  world  exchanged 
their  vision,  insight  and  concerns  on  many  important  issues.  The  workshop  has  provided  another  step  to 
reduce  the  gap  between  theory  and  practice  of  software  engineering. 
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PERFORMANCE  MEASUREMENT  OF  THE  METCAST  SERVER 

Luqi,  Professor 

Department  of  Computer  Science 

Sponsors:  Fleet  Numerical  Meteorology  and  Oceanography  Center,  and 
Space  and  Naval  Warfare  Systems  Center  -  San  Diego 

OBJECTIVE:  To  measure  the  performance  of  the  metcast  server  under  real  loads.  Discover 
characteristics  of  the  metcast  connection  loads  and  compare  with  business-to-consumer  loads.  Develop  a 
benchmarking  tool  that  reproduces  metcast  loads.  Use  the  tool  to  micro-benchmark  the  server  and  suggest 
areas  of  improvement. 

SUMMARY:  Important  results  accomplished  in  2001  include: 

•  Configured  Metcast  (the  server  and  the  obs  decoder)  on  several  Linux  boxes.  Used  one  box  to  run 
a  set  of  performance  texts.  The  other  two  Linux  boxes  serve  as  a  development  Metcast  server. 

•  Developed  a  new  version  of  Metcast  Channels,  which  supports  product  attributes  and  has  many 
performance  enhancements.  The  version  is  backward  compatible.  The  new  version  has  been 
thoroughly  documented. 

•  Participated  in  a  Joint  METOC  Data  Standard  meeting  and  contributed  to  the  development  of 
Joint  METOCV  XML  standard.  Developed  a  draft  JMGRIB  format  to  markup  gridded  data 
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SYSTEM  ENGINEERING  AND  EVOLUTION  DECISION  SUPPORT 

Luqi,  Professor 

Department  of  Computer  Science 
Sponsor:  U.S.  Army  Research  Office 

OBJECTIVE:  The  objective  of  this  effort  is  to  develop  a  scientific  basis  for  system  engineering 
automation  and  decision  support.  This  objective  addresses  the  long  term  goals  of  increasing  the  quality  of 
service  provided  by  complex  systems  while  reducing  development  risks,  cost,  and  time.  The  effort  focuses 
on  decision  support  for  designing  operations  of  complex  modular  systems  that  can  include  embedded 
software.  Emphasis  areas  include  engineering  automation  capabilities  in  the  areas  of  design  modifications, 
design  records,  reuse,  and  automatic  generation  of  design  representations  such  as  real-time  schedules  and 
software, 

SUMMARY:  Focused  was  on  automation  of  design  activities  that  appear  in  an  evolutionary  approach  to 
system  development.  Decision  support  for  design  synthesis,  reuse  and  evolution  is  emphasized.  This 
research  extended  recently  developed  formal  methods  in  system  engineering  to  construct  a  cohesive  set  of 
formal  models.  These  models  are  used  to  create  and  to  connect  automated  processes  for  computer  aided 
prototyping,  requirements  validation,  and  design  synthesis.  Mathematical  models  for  implementing  a  set  of 
automated  and  integrated  engineering  automation  tools  were  also  developed.  Work  combined  very-high- 
level  specification  abstractions  and  concepts  with:  (1)  formal  real-time  models,  (2)  automated  management 
of  system  design  data  and  human  resources,  (3)  design  transformations,  (4)  change  merging,  (5)  automated 
retrieval  of  reusable  system  design  components,  and  (6)  automated  schedule  construction.  We  have  created 
automated  methods  for:  (1)  generating  real-time  control  programs,  (2)  generating  simulations  of 
subsystems,  and  (3)  coordinating  concurrent  work  by  engineering  teams.  Work  will  ensure  design 
consistency  and  alleviate  communication  difficulties. 
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The  significance  of  the  work  is  to: 

•  improve  system  effectiveness  and  flexibility, 

•  increase  engineering  productivity,  and 

•  reduce  system  maintenance  costs. 

This  was  achieved  by  providing  a  higher  level  of  engineering  automation  coupled  directly  with 
requirements  validation  facilities.  The  work  will  broaden  the  scope  of  engineering  decision  support  to 
include  concurrent  whole-system  engineering,  requirement  determination,  and  system  evolution. 
Automated  decision  support  will  ensure  system  quality  by  decreasing  the  human  effort  required.  This,  in 
turn,  will  minimize  the  incidence  of  human  error.  The  trial  use  of  operational  system  prototypes  linked  with 
software  simulations  of  selected  subsystems  enables  users  to  provide  feedback  for  validation  and 
refinement  of  system  requirements  prior  to  detailed  design.  Maintenance  costs  can  be  minimized  by 
reducing  the  need  to  repair  requirement  errors  after  system  deployment.  Methods  for  process  and  system 
re-engineering  at  minimal  cost  were  provided  This  was  achieved  by:  (1)  regenerating  new  variations  of 
designs  from  high-level  decisions.  (2)  combining  changes,  and  (3)  propagating  the  consequences  of  design 
modifications.  These  engineering  capabilities  will  enable  the  Army  to  improve  and  integrate  its  complex 
systems  with  reduced  costs.  Improved  systems  can  reduce  Army  manpower  needs  while  strengthening 
information  warfare  capabilities. 

Specific  tasks  accomplished  include: 

•  Formal  models,  architecture  and  tools  for  software  evolution:  A  new  relational  hypergraph 
model,  architecture  and  tools  for  the  computer-aided  software  evolution  process  was  developed. 
The  new  model  provides  an  integrated  framework  for  integrating  software  evolution  activities 
with  configuration  control,  maintaining  the  consistency  of  an  evolving  system,  organizing  and 
coordinating  the  activities  involved  in  the  evolution  of  large  systems.  The  model  also  serves  as 
the  basis  for  organizing  the  repository  of  configurations.  The  effectiveness  of  the  model  was 
illustrated  via  a  case  study  involving  C4I  systems  evolution. 

•  Formal  model  for  software  project  risk  assessment:  Formal  risk  assessment  models  for  the 
evolutionary  software  process,  and  methods  and  todls  were  developed  to  assess  the  risk  and  the 
duration  of  software  projects  automatically  based  on  measurements  (requirements  volatility, 
production  team  efficiency,  and  product  complexity)  that  can  be  obtained  early  in  the 
development  process.  The  effectiveness  of  the  models  was  validated  by  comparing  the  results  of 
the  models  against  data  collected  from  3  large  real  projects  and  16  simulated  projects. 

•  Architectures  and  automated  retrieval  methods  for  software  reuse:  Formal  models  and  methods  to 
automate  the  search  and  retrieval  of  software  components  from  software  reuse  repositories  were 
developed.  Models  to  support  reuse  in  product  line  approach  were  also  developed. 

•  The  use  of  Computer  Aided  Prototyping  in  Software  Re-engineering:  The  effective  use  of 
computer-aided  prototyping  techniques  were  studied  for  re-engineering  legacy  software  via  a 
case  study  involving  the  development  an  object-oriented  modular  architecture  for  the  existing  US 
Army  Janus(A)  combat  simulation  system,  and  validating  the  architecture  via  an  executable 
prototype  using  the  Computer  Aided  Prototyping  System  (CAPS).  The  research  showed  that 
prototyping  can  be  a  valuable  aid  in  re-engineering  of  legacy  systems,  particularly  in  cases  where 
radical  changes  to  system  conceptualization  and  software  structure  are  needed. 

•  Automation  support  for  distributed  heterogeneous  systems  engineering:  Models  and  methods  for 
solving  the  integration  and  interoperability  problems  in  component-based  distributed 
heterogeneous  systems  development  were  investigated. 

The  work  resulted  in  models  and  languages  for  specifying  the  architecture  of  distributed 
heterogeneous  systems  and  components,  as  well  as  technologies  to  automate  the  integration  of 
distributed  heterogeneous  software  component  via  the  automatic  generation  of  glue  and  wrapper 
from  specification. 

An  object-oriented  model  for  an  interoperability  wrapper-based  translator  was  developed  to 
resolve  the  representational  differences  between  heterogeneous  systems,  an  integrated 
development  environment  for  users  to  create  such  models,  methods  for  determining  object 
correspondence  during  system  integration,  and  the  use  of  the  Extensive  Markup  Language 
(XML)  as  a  means  for  establishing  interoperability  between  multiple  DoD  databases. 
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Techniques  were  also  developed  for  maximizing  the  network  infrastructure  and  provide 
decision  support  for  optimizing  distributed  object  servers  utilization,  as  well  as  the  use  software 
decoys  to  improve  the  security  of  distributed  heterogeneous  systems. 

•  Formal  models  for  Technology  Transition:  Investigators  worked  with  the  U.S.  Army  TACOM  to 
develop  forma!  models  and  methods  to  assess  the  maturity/risk  of  emerging  software 
technologies  and  to  assist  managers  to  size  the  software  technology  infrastructure. 

*  Technology  transfer  via  Software  Engineering  education:  To  allow  corporate  and  Department  of 
Defense  (DoD)  software  leaders  and  practitioners  to  effectively  utilize  the  technology  available  to 
them,  two  Software  Engineering  graduate  degree  programs  were  developed  to  address  the  issues 
and  needs  unique  to  DoD  software  development.  The  Software  Engineering  program  at  the  Naval 
Postgraduate  School  offers  M.S.  and  Ph.D.  degrees  in  Software  Engineering  to  both  in-residence 
and  distance-learning  students,  to  equip  software  leaders  and  practitioners  with  the  tools  needed 
to  achieve  information  superiority.  The  Ph,D.  Program  is  the  first-ever  doctoral  program  in 
Software  Engineering.  It  is  designed  to  satisfy  the  great  and  growing  demand  within  the 
Department  of  Defense  for  Ph.D.  level  leadership  to  direct  software  research  and  development 
projects  and  to  develop  policies  regarding  software  requirements  and  processes  for  design, 

.  evolution,  reuse  and  management. 
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WEAPON  SOFTWARE  SAFETY  PROGRAM  IN  NPS  SOFTWARE  ENGINEERING 

AUTOMATION  CENTER 
Luqi,  Professor 

Department  of  Computer  Science 
Sponsors:  Naval  Sea  Systems  Command 

OBJECTIVE:  For  Software  Engineering  Automation  Center  at  the  Naval  Postgraduate  School  to  support 
instructional  effort  for  Software  Engineering  Courses  on  weapon  software  safety  in  software  engineering 
curriculum,  and  to  establish  a  weapon  software  safety  chair  and  computer/telecommunication  support. 

SUMMARY:  Modem  weapon  systems  rely  on  software  for  virtually  all  aspects  of  their  functionality. 
Software  controls  almost  all  aspects  from  the  detection  and  classification  of  threats  to  launching  the 
ordnance,  guiding  it  to  the  threat,  and,  in  some  cases,  initiating  the  explosive  warhead.  An  error  or  failure  in 
any  of  the  software  modules  controlling  the  weapon  system  could  have  catastrophic  results  from 


36 


PROJECT  SUMMARIES 


m' identifying  a  friendly  track  as  hostile  to  initiating  the  warhead  while  still  in  close  proximity  to  the 
launching  platform. 

The  Navy  needs  highly  trained  individuals  capable  of  developing  and  assessing  the  software  for 
modem  weapon  systems  to  ensure  that  it  can  reliably  perform  its  mission  without  posing  an  unacceptable 
risk  to  the  fleet.  Weapon  Systems  Software  Safety  is  a  discipline  that  integrates  Systems  Engineering, 
System  Safety  Engineering,  and  Software  Engineering  into  a  cohesive  discipline  that  .provides  the 
knowledge  and  skills  necessary  to  perform  this  risk  assessment.  The  discipline  is  Software  Engineering 
intensive  due  to  the  complexity  of  the  software  in  modem  weapon  systems  however;  it  uses  a  true  Systems 
Engineering  approach  to  address  the  issues.  The  proposed  curriculum  will  provide  a  cadre  of  individuals 
trained  in  the  development  of  critical  software  with  the  fundamental  knowledge  necessary  to  develop 
software  that  provides  and  acceptable  level  of  risk  in  the  system  and  operational  context  without  sacrificing 
mission  effectiveness  or  functionality.  Key  courses  in  the  curriculum  will  also  provide  individuals  with  the 
knowledge  and  skills  necessary  to  perform  the  required  design,  analysis,  testing,  and  risk  assessment  to 
verify  the  safety  of  the  software  in  the  system  context. 

Software  Engineering  and  Information  Technology  are  rapidly  evolving  disciplines.  The  Naval 
Postgraduate  School  is  at  the  forefront  of  both  disciplines.  To  be  effective,  the  Weapon  Systems  Software 
Safety  must  evolve  with  these  disciplines  and  provide  the  direction  neeessaiy  to  maintain  both  the 
effectiveness  and  safety  of  the  associated  technology  as  it  is  applied  to  Navy  weapon  systems.  NPS  is  in  an 
enviable  position  to  accomplish  that  mission.  Qualified  individuals  must  also  perform  both  the  theoretical 
and  applied  research  necessary  to  provide  the  Weapon  System  Safety  community  with  the  tools  and 
techniques  necessary  to  assess  the  risk  associated  with  the  introduction  of  new  technologies,  the  integration 
of  existing  technologies  with  our  existing  systems,  as  well  as  the  integration  of  existing  system  into  systems 
of  systems.  The  students  at  NPS  have  backgrounds  directly  relevant  to  the  discipline:  many  have  first  hand 
experience  with  the  software  developed  for  modem  weapon  systems.  Therefore,  NPS  has  a  cadre  of  highly 
skilled  individuals  available  to  conduct  this  vital  research. 

The  student  body  consists  of  individuals  who  will  be  managing  weapon  system  programs  involving 
software,  managing  the  development  of  software  for  future  weapon  systems,  or  perhaps  even  developing 
the  software  themselves.  The  position  will  allow  the  direction  of  thesis  and  research  topics  to  provide  the 
necessary  tools  and  techniques  to  evaluate  software  in  complex  weapon  systems.  The  position  will  also 
allow  direct  access  to  research  conducted  at  NPS  and  other  universities  in  Software  Engineering  and 
Information  Technology  and  evaluate  its  application,  or  possible  impact,  on  the  safety  of  modem  weapon 
systems.  Evaluating  this  research  gives  the  Navy  the  opportunity  to  address  these  topics  before  they 
become  a  part  of  a  Navy  weapon  system. 

THESIS  DIRECTED: 

Brown,  M.,  “Modeling  and  Reasoning  about  Safety  Properties  for  Systems  Interoperability  and  Systems  of 
Systems,”  draft  dissertation.  Naval  Postgraduate  School. 

Williams,  C.,  A  Formal  Application  of  Safety  and  Risk  Assessment  in  Software  Projects,”  draft 
dissertation,  Naval  Postgraduate  School. 
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FY01 IO/IW  RESEARCH  ON  INTELLIGENT  SOFTWARE  DECOYS 
Bret  Michael,  Associate  Professor 
Department  of  Computer  Science 
Sponsor:  Naval  Information  Warfare  Activity 

OBJECTIVE.  Further  investigate  the  technical  feasibility  of  an  intelligent  software  decoy  architecture  for 
use  in  information  warfare. 


PROJECT  SUMMARIES 


SUMMARY:  The  notion  of  an  intelligent  software  decoy  was  developed,  providing  both  an  architecture 
and  initial  description  of  an  event-based  language  for  automatic  implementation  of  decoys.  The  decoys 
detect  and  respond  to  patterns  of  suspicious  behavior,  and  maintain  a  repository  of  rules  for  behavior 
patterns  and  decoying  actions.  In  order  to  illustrate  our  concept  and  approach,  a  model  was  constructed  of 
system  behavior  from  an  initial  list  of  event  types  and  their  attributes  in  the  interaction  between  computer 
worms  and  an  operating  system.  The  model  represents  patterns  of  suspicious  or  malicious  events  that  the 
software  decoy  should  detect,  and  specific  actions  to  be  taken  in  response.  The  approach  explicitly  treats 
both  standard  and  nonstandard  invocations  of  components,  with  the  latter  representing  an  attempt  to 
circumvent  the  public  interface  of  the  component. 

At  present  various  decoying  strategies  are  being  explored  and  the  decoying  action  language  is  being 
expanded  with  the  aim  of  supporting  information  operations  and  warfare.  We  are  also  implementing  the 
event-based  language,  with  the  aim  of  running  experiments  using  the  language  to  test  decoying  strategies, 
and  conduct  performance  analyses  with  the  aim  of  determining  the  amount  of  overhead  that  will  be 
generated  by  the  decoying  mechanism. 

PUBLICATIONS: 

Michael,  J.B,  and  Riehle,  R.D.,  “Intelligent'  software  decoys,”  Proceedings  of  Monterey  Workshop: 
Engineering  Automation  for  Software  Intensive  System  Integration ,  pp.  178-187,  Naval  Postgraduate 
School,  Monterey,  C A,  June  2001. 

PRESENTATIONS: 

Michael,  J.B.,  Auguston,  M.,  Rowe,  N.C.  and  Riehle,  R.D.  “Software  Decoys:  Intrusion  Detection  and 
Countermeasures,”  Proceedings  of  Info  Assurance  Workshop ,  IEEE,  West  Point,  NY,  June  2002,  in  press. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 
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TESTING  OF  LARGE  SOFTWARE-INTENSIVE  SYSTEMS 
Bret  Michael,  Associate  Professor 
Department  of  Computer  Science 
Sponsor:  Space  and  Naval  Warfare  Systems  Command 

OBJECTIVE:  The  objective  of  the  research  project  is  threefold:  (i)  To  provide  expertise  to  SPAWAR 
corporation  in  the  area  of  software  testing,  and  more  generally,  formal  verification  and  validation,  in  both 
overseeing  and  participating  in  the  Defense  Systems  Test  and  Productivity  Initiative  (DSTPI).  This 
objective  entails  two  tasks:  identifying  key  areas  of  research  and  technology  transfer  that  the  DSTPI  should 
address  and  overseeing  the  research  performed  by  the  University  of  South  Florida  as  part  of  the  DSTPI  to 
ensure  that  the  research  is  relevant  to  the  needs  of  SPAWAR,  the  Department  of  the  Navy  (DoN),  and  the 
Department  of  Defense  (DoD).  (ii)  To  integrate  the  outcomes  and  general  deliverables  of  the  DSTPI,  as 
appropriate,  into  the  computer  science  and  software  engineering  curricula  at  the  Naval  Postgraduate  School 
to  SPAWAR,  as  well  as  to  transfer  the  results  of  the  curriculum  development  and  research  by  faculty  and 
students  at  the  School  to  SPAWAR,  the  DoN,  and  DoD.  The  transfer  of  outcomes  and  general  deliverables 
to  the  curricula  will  assist  the  School  in  preparing  naval  officers  to  return  to  the  Fleet  with  the  latest  theory 
and  knowledge  of  best  practices  to  specify  and  acquire  software  that  is  testable,  of  known  pedigree,  and 
maintainable.  In  the  other  direction,  the  faculty  and  students  can  transfer  their  research  result  on  testing, 
and  more  generally,  formal  verification  and  validation  of  software-intensive  systems,  to  the  other 
participants  in  the  DSTPI.  In  order  to  facilitate  the  exchange  of  technology  and  influence  the  direction  of 
the  DSTPI,  Dr.  Michael  will  participate  as  a  member  of  the  Advisory  Board  of  the  DSTPI.  (iii)To  perform 
research  on  a  novel  approach  to  testing  large  software-intensive  systems.  Dr.  Michael,  along  with  Dr.  Neil 
Rowe  and  a  team  of  graduate  students,  are  investigating  the  technical  feasibility  of  testing  policy  and 
system  requirements  with  the  goal  of  detecting  gaps  (e.g.,  inconsistencies  in  policy  or  requirements)  prior 
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to  refining  policy  into  requirements,  and  requirement  into  lower-level  system  artifacts  (e.g.,  architectures, 
designs,  code,  documentation)  [2,3]*  We  believe  that  our  approach  to  testing  systems  can  significantly 
improve  the  ability  of  the  DoD  to  both  acquire  and  maintain  high-quality  software  for  large  systems.  This 
work  is  based  on  the  concept  of  a  policy  workbench  [5]:  an  integrated  set  of  tools  for  specifying  policy  and 
requirements,  testing  policy  and  requirements,  refining  policy  and  requirements  into  executable  or 
interpretable  specifications,  and  maintaining  the  policy,  requirements,  and  other  system  artifacts. 

SUMMARY:  A  suite  of  objective  metrics  was  developed  for  measuring  the  characteristics  of  automated 
software-testing  tools,  as  an  aid  for  systematically  evaluating  and  selecting  automated  testing  tools.  The 
metrics  are  independent  of  architectural  frameworks  and  lower  level  software  system  artifacts.  Such 
metrics  are  needed  because  automated  testing  tools  vary  in  their  underlying  approach,  quality,  and  ease-of- 
use,  among  other  characteristics.  Decision  makers  can  use  the  metrics  to  select  amongst  alternative 
automated  software  testing  tools,  matching  the  suite  of  tools  to  the  needs  of  a  particular  software- 
development  project  Experiments  were  constructed  to  test  the  feasibility  of  generating  the  test  metrics  for 
different  versions  of  a  medium-sized  software  system:  one  version  implemented  using  a  semi-structured 
procedural  design  with  known  faults,  and  a  second  version  implemented  using  a  well-structured  object- 
oriented  design.  It  was  found  that  we  could  generate  most  of  the  metrics,  while  other  of  the  metrics  would 
be  difficult  to  compute  due  to  a  lack  of  data  or  an  inability  to  extract  such  data  about  the  performance  of  the 
tools.  Present  investigations  focus  on  the  validity  of  the  suite  of  metrics.  The  investigator  is  conducting 
similar  research  using  a  larger  software  testbed,  and  incorporating  additional  commercial-off-the-shelf 
(COTS)  tools  into  the  study. 

In  addition,  a  rapid  prototyping  tool  was  invented,  as  part  of  a  policy  workbench,  which  automatically 
tests  the  logical  consistency  of  policy.  A  policy  workbench  supports  the  rapid  prototyping  of  systems  in 
support  of  reasoning  about  policy  prior  to  both  committing  updates  to  a  policy  base  and  refining  policy  into 
requirements  and  other  artifacts  of  an  information  system.  The  approach  to  testing  policy  is  novel  in  that 
test  cases  and  scripts  are  generated  automatically  based  on  the  detection  of  patterns  extracted  from 
structural  models  of  policy,  which  are  represented  via  Unified  Modeling  Language  (UML)  class  and 
collaboration  diagrams.  The  automatic  classification  and  detection  of  patterns  is  based  on  temporal, 
counting,  and  sequence  properties  of  policies,  in  addition  to  the  relationships  between  policy  objects. 
Investigators  experimented  with  our  testing-tool  component,  along  with  other  tools  of  the  policy 
workbench,  using  as  input  to  our  tools  a  set  of  security  policies  from  a  well-known  published  case  study. 

The  investigator  served  on  the  Interim  Government  Advisory  Board  (GAB),  providing  oversight  and 
guidance  to  the  federally  funded  National  Institute  for  Systems  Test  and  Productivity,  located  at  the 
University  of  South  Florida,  Tampa,  Fla. 

THESIS  DIRECTED: 

Sezgin,  M.,  “A  Pattern-Making  Approach  for  Automated  Scenario-Driven  Testing  of  Structured 
Computational  Policy,”  Masters  Thesis,  Naval  Postgraduate  School,  September  2001. 

Bossuyt,  B.J.  and  Synder,  B.B.,  “Software  Testing  Tools:  Analyses  of  Effectiveness  on  Procedural  and 
Object-Oriented  Source  Code,”  Masters  Thesis,  Naval  Postgraduate  School,  September  2001. 
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KEYWORDS:  Automated  Testing,  Computer  Security,  Metrics,  Policy  Workbench,  Software,  Test 
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DETECTION  OF  CHANGES  OVER  TIME  IN  LINEAR  FEATURES  IN  AERIAL 

PHOTOGRAPHS 
Neil  C.  Rowe,  Professor 
Department  of  Computer  Science 
Sponsor:  Navy  Engineering  Logistics  Office 

OBJECTIVE:  A  prototype  system  to  find  changes  between  aerial  photographs  of  the  same  terrain  at 
different  times  will  be  developed. 

SUMMARY:  Work  in  2001  extended  the  earlier  work  that  compared  linear  features  between  two 
photographs  of  the  same  terrain  taken  at  different  times  to  find  important  differences  in  roads  and 
buildings.  The  new  work  compared  the  regions  of  the  picture  to  detect  differences  in  irregular  and  curved 
areas  that  cannot  be  detected  by  just  comparing  linear  features.  This  did,  however,  require  more  complex 
matching  since  regions  can  have  many  more  features  than  edge  segments.  Brightness,  brightness  variation, 
narrowness,  orientation  of  the  major  axes,  irregularity  of  the  boundary,  as  well  as  comparing  the  largest 
straight  segments  along  the  boundary  was  examined.  A  relaxation  process  is  used  to  find  the  best  matches 
between  regions  of  the  two  pictures:  First  initial  matches  are  rated,  then  rerated  using  local  consistency  of 
matches  of  neighboring  regions.  The  result  is  a  more  accurate  match  between  the  two  pictures  as  well  as 
one  that  recognizes  differences  not  found  by  linear  matching. 

PUBLICATIONS: 

Rowe,  N.C.  and  Grewe,  L.,  “Change  Detection  for  Linear  Features  in  Aerial  Photographs  Using  Edge- 
Finding,”  IEEE  Transactions  on  Geoscience  and  Remote  Sensing,  Vol.  39,  No.  7,  pp.  1608-1612, 
July/ August  2001. 

Ingram,  D.J.,  Kremer,  H.S.  and  Rowe,  N.C.,  “Distributed  Intrusion  Detection  for  Computer  Systems  Using 
Communicating  Agents,”  Sixth  International  Symposium  on  Research  and  Technology  on  Command  and 
Control,  June  2001 . 

Michael,  J.B.,  Ong,  V.  and  Rowe,  N.C.,  “Natural-Language  Processing  Support  for  Developing  Policy- 
Governed  Software  Systems,”  39th  International  Conference  on  Technology  of  Object-Oriented  Languages 
and  Systems,  Santa  Barbara,  CA,  July- August  2001. 

THESES  DIRECTED: 

Alves,  J.,  "Recognition  of  Ship  Types  from  an  Infrared  Image  Using  Moment  Invariants  and  Neural 
Networks,"  Masters  Thesis,  Naval  Postgraduate  School,  March  2001 . 

Aragon,  A.,  "Agent-Based  Simulation  of  a  Marine  Infantry  Squad  in  an  Urban  Environment,"  Masters 
Thesis,  Naval  Postgraduate  School,  September  2001 . 
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MAGMA:  MOBILE  CODE  APPROACH  TO  SERVER  FAULT  TOLERANCE 
Geoffrey  Xie,  Assistant  Professor 
Department  of  Computer  Science 
Sponsor:  Office  of  Naval  Research 

OBJECTIVE:  Network  middleware  support  for  mobile  agent  based  survivable  services  is  being 
developed. 
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SUMMARY:  Progress  was  made  in  the  following  areas:  general  system  requirements  and  specifications, 
and  implementation  of  a  system  prototype  to  demonstrate  the  feasibility  of  the  proposed  approach.  One 
M.S.  thesis  has  been  produced  as  a  result. 

PUBLICATIONS: 

Xie,  G.G.,  Network  Protocols  for  Building  Survivable  Services,  Technical  Report,  NPS-CS-02-004, 
Department  of  Computer  Science,  Naval  Postgraduate  School,  December  2001. 

THESIS  DIRECTED: 

Margulis,  S.,  "MAGMA:  A  Liquid  Software  Approach  to  Fault  Tolerance,  Computer  Security  and 
Survivable  Networking,"  Masters  Thesis,  Naval  Postgraduate  School,  December  2001. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software,  Command,  Control  and  Communications 
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SAAM:  NETWORK  MANAGEMENT  SYSTEM  FOR  INTEGRATED  SERVICES 
Geoffrey  Xie,  Assistant  Professor 
Department  of  Computer  Science 
Sponsor:  Defense  Advanced  Research  Projects  Agency 

OBJECTIVE:  A  novel  server  and  agent  based  active  management  system  for  the  next  generation  Internet 
is  being  developed. 

SUMMARY:  Progress  was  made  in  the  following  areas:  realistic  traffic  generation,  dynamic  bandwidth 
provisioning,  rerouting  of  real-time  flows,  survivable  SAAM  service,  best  effort  traffic  engineering,  policy- 
based  networking,  and  application  of  SAAM  concept  in  underwater  acoustic  networks. 

The  SAAM  prototype  system  has  been  enhanced  to  incorporate  the  aforementioned  work.  Three  M.S. 
theses  have  been  produced  as  a  result. 

PUBLICATIONS: 

Stone,  G.,  Lundy,  G.  and-Xie,  G.G.,  "Network  Policy  Languages:  A  Survey  and  a  New  Approach,"  IEEE 
Network,  Vol.  15,  No.  1,  pp  10-21,  January  2001. 

Xie,  G.G.  and  Gibson,  J.H.,  "A  Network  Layer  Protocol  for  UANs  to  Address  Propagation  Delay  Induced 
Performance  Limitations,"  Proceedings  of  MTS/IEEE  Oceans  2001  Conference,  pp  2087-2094,  Honolulu, 
HI,  November  2001. 

PRESENTATION: 

Xie,  G.G.  and  Gibson,  J.H.,  "A  Network  Layer  Protocol  for  UANs  to  Address  Propagation  Delay  induced 
Performance  Limitations,"  MTS/IEEE  Oceans  2001  Conference,  Honolulu,  HI,  November  2001. 
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Postgraduate  School,  March  2001. 
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Masters  Thesis,  Naval  Postgraduate  School,  September  2001 . 
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Silva,  P.,  "Advanced  Quality  of  Service  Management  for  Next  Generation  Internet,  M  Masters  Thesis,  Naval 
Postgraduate  School,  September  2001. 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software,  Command,  Control  and  Communications 

KEYWORDS:  Network  Management,  Integrated  Services,  Asynchronous  Transfer  Mode  (ATM),  Quality 
of  Service  (QoS),  Policy  Based  Networking,  Network  Security 

CONTEXT  MACHINE  -  A  DEVICE  TO  DETERMINE  CONTEXT  FROM  SYMBOLIC  INPUTS 

Michael  J.  Zyda,  Professor 
John  Hiles,  Research  Professor 
Michael  V.  Capps,  Research  Assistant  Professor 
Perry  McDowell,  Lecturer 
Department  of  Computer  Science 
Sponsor:  Defense  Advanced  Research  Projects  Agency 

OBJECTIVE:  The  purpose  of  the  Augmented  Cognition  program  is  to  increase  the  information 
management  capacity  of  the  human-computer  warfighting  integral  by  developing  and  demonstrating 
quantifiable  enhancements  to  human  cognitive  ability  in  diverse,  stressful,  operational  environments  of  the 
U.S.  warfighter  by  several  orders  of  magnitude. 

SUMMARY:  The  MOVES  Institute  at  the  Naval  Postgraduate  School  is  participating  in  the  DARPA 
Augmented  Cognition  Program  by  creating  the  Context  Machine  to  explore  the  notion  of  "context"  in  a 
general  way,  and  to  study  how  such  a  device  might  improve  future  warfighting  capabilities.  The  user’s 
current  situation,  such  as  their  location,  their  objectives,  and  the  presence  of  other  people  and  objects,  are 
inputs  to  the  Context  Machine.  The  machine  uses  the  information  to  determine  context.  Based  upon  this 
context,  it  determines  the  best  course  of  action  to  achieve  the  user’s  goals,  which  is  then  conveyed  to  the 
user.  It  is  imperative  that  the  assistance  supplied  by  the  Context  Machine  be  appropriate  to  the  situation, 
useful,  and  wanted. 

The  first  step  in  this  research  was  to  identify  those  situations  in  which  the  Context  Machine  would 
prove  most  useful.  Those  situations  are  found  when  the  user: 

•  Cannot  understand  information  in  the  environment 

•  Cannot  perceive  certain  information  in  the  environment 

•  Does  not  have  time  to  process  information  in  the  environment 

•  Can  process  the  environment,  but  does  not  have  time  to  communicate  what  has  been  processed. 
The  second  step  was  to  build  a  software  platform  for  investigation  into  varying  definitions  of 

perception  and  cognition.  A  commercial  game  engine  was  selected,  because  of  its  ready  availability  from 
another  project,  its  broad  functionality,  the  ease  with  which  it  can  be  modified,  and  its  reliance  on 
commercial  off-the-shelf  hardware  and  software. 

A  software  prototype  was  successfully  constructed,  in  which  the  Context  Machine  aids  an  infantryman 
on  a  clandestine  reconnaissance  mission.  This  demonstration  was  presented  to  the  DARPA  sponsor,  as 
well  as  to  numerous  distinguished  visitors  to  the  Naval  Postgraduate  School. 

As  a  result  of  these  efforts,  the  project  has  been  funded  for  an  additional  three  years. 

PUBLICATIONS: 

McDowell,  P.,  "A  Taxonomy  of  Context  Based  Computing,"  (Paper  in  progress) 

PRESENTATIONS: 

Zyda,  M.,  "Interest  Management,"  Workshop  on  Perceptive  User  Interfaces,  Orlando,  FL,  15  November 
2001. 
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THESIS  DIRECTED: 

McDowell,  P.,  "The  Context  Machine:  A  Device  to  Determine  User's  Context  from  Incomplete  Data  " 
Ph  D,  Dissertation,  Naval  Postgraduate  School,  (in  progress) 

DoD  KEY  TECH  AREAS:  Battlespace  Environments,  Command,  Control,  and  Communications, 
Computing  and  Software,  Human  Systems  Interface,  Modeling  and  Simulation 

KEYWORDS:  Virtual  Reality,  Augmented  Cognition,  Perception  Modeling,  Augmented  Reality 
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IMPLEMENTATION  OF  DATA  FLOW  QUERY  LANGUAGE  (DFQL) 

Baybora  Aksoy-Lieutenant  Junior  Grade,  Turkish  Navy 
B.S.,  Turkish  Naval  Academy,  1995 
Master  of  Science  in  Computer  Science-March  2001 
and 

Iiker  Sahin-Lieutenant  Junior  Grade,  Turkish  Navy 
B.S.,  Turkish  Naval  Academy,  1995 
Master  of  Science  in  Computer  Science-March  2001 
Advisor:  C.  Thomas  Wu,  Department  of  Computer  Science 
Second  Reader:  LCDR  Chris  Eagle,  USN,  Department  of  Computer  Science 

A  relational  database  management  system  (RDBMS)  is  a  software  product  that  structures  data  in 
accordance  with  the  relational  data  model  and  permits  data  manipulation  based  on  relational  algebra.  There 
are  two  widely-used  query  languages  for  the  relational  database  management  systems  (RDBMSs).  These 
are  Structured  Query  Language  (SQL)  and  Query  By  Example  (QBE).  Although  these  languages  are 
powerful,  they  both  have  drawbacks  concerning  ease-of-use,  especially  in  expressing  universal 
quantification  and  specifying  complex  nested  queries. 

In  order  to  eliminate  these  problems,  Data  Flow  Query  Language  (DFQL)  has  been  proposed.  DFQL 
offers  an  easy-to-use  graphical  user  interface  to  the  relational  model  based  on  a  data  flow  diagram,  while 
maintaining  all  of  the  strengths  of  SQL  and  QBE. 

The  purpose  of  this  thesis  is  to  implement  DFQL,  allowing  the  users  to  login  one  or  more  relational 
database(s)  through  JDBC,  view  the  structure  of  the  connected  databases  graphically,  and  implement 
inquiries  in  SQL  and  DFQL  to  retrieve  the  data  from  the  database(s). 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software,  Human  Systems  Interface 

KEYWORDS:  Structure  Query,  SQL,  QBE,  Data  Flow  Query  Language,  DFQL,  Java,  JDBC,  Database 
Structure 


BLUETOOTH  TECHNOLOGY  AND  ITS  IMPLEMENTATION  IN  SENSING  DEVICES 
Ali  M.  Aljuaied-Lfeutenant  Commander,  Royal  Saudi  Naval  Forces 
B*S,,  Pakistan  Naval  Academy,  1988 
Master  of  Science  in  Systems  Engineering-September  2001 
Advisor:  Xiaoping  Yun,  Department  of  Electrical  and  Computer  Engineering 
Second  Reader:  Wolfgang  Baer,  Department  of  Computer  Science 

Bluetooth  Wireless  technology  is  the  world’s  new  short  range  RF  transmission  standard  for  small  form 
factor,  low  cost,  and  short-range  radio  link  between  portable  and  desktop  devices.  This  technology  does  not 
replace  Wireless  LANs  rather  it  compliments  them.  Bluetooth  wireless  technology  has  many  advantages 
over  other  Wireless  LAN  technologies,  which  makes  it  attractive  to  many  applications.  One  such 
application  is  in  the  area  of  sensors  and  gauges  on-board  ships  and  submarines.  If  these  are  connected 
wirelessly,  a  huge  amount  of  cables  are  eliminated  and  more  user  mobility  is  gained. 

This  thesis  studies  the  theories  and  principles  of  Bluetooth  technology  and  discusses  the  approaches  of 
connecting  Bluetooth  to  sensors  and  gauges.  Some  of  the  Bluetooth  products  available  in  the  market  were 
acquired  for  testing  and  evaluation.  In  the  course  of  the  study,  it  was  found  that  the  technology  was  not 
mainly  developed  with  sensor  and  gauge  applications  in  mind.  However,  integrating  sensors  with  Bluetooth 
modules  can  be  achieved  by  one  of  two  approaches.  One  approach  requires  an  expensive  Development  Kit 
and  is  limited  to  manufacturers  integrating  Bluetooth  technology  into  their  sensor  products  in  compliance 
with  Bluetooth  Specifications.  The  other  inexpensive  approach  requires  custom  circuit  designing  and 
program  coding  and  is  preferred  by  university  researchers. 

DoD  KEY  TECHNOLOGY  AREAS;  Computing  and  Software,  Sensors 
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RECOGNITION  OF  SHIP  TYPES  FROM  AN  INFRARED  IMAGE  USING  MOMENT 
INVARIANTS  AND  NEURAL  NETWORKS 
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Second  Reader:  Robert  B.  McGhee,  Department  of  Computer  Science 

Autonomous  object  recognition  is  an  active  area  of  interest  for  military  and  commercial  applications:  Given 
an  input  image  from  an  infrared  or  range  sensor,  interesting  objects  can  be  found  in  those  images  and  then 
classified.  In  this  work,  automatic  target  recognition  of  ship  types  in  an  infrared  image  is  explored.  The 
first  phase  segments  the  original  infrared  image  in  order  to  obtain  the  ship  silhouette.  The  second  phase 
calculates  moment  functions  of  those  silhouettes  that  guarantee  invariance  with  respect  to  translation, 
rotation  and  scale.  The  third  phase  applies  those  invariant  features  to  a  back-propagation  neural  network 
and  classifies  the  ship  as  one  of  the  five  types.  The  algorithm  was  implemented  and  experimentally 
validated  using  both  simulated  three-dimensional  ship  model  images  and  real  images  derived  from  video  of 
an  AN/AAS-44V  Forward  Looking  Infrared  (FLIR)  sensor. 
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and  Watercraft 
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AGENT-BASED  SIMULATION  OF  A  MARINE  INFANTRY  SQUAD  IN 
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This  thesis  research  focused  on  the  design,  development  and  implementation  of  an  agent  based  simulation 
of  a  Marine  infantry  squad  in  an  urban  environment.  The  goal  was  to  design  an  autonomous-agent 
framework  that  could  model  a  combatant's  decision  cycle.  A  squad  entity  comprised  of  these  agents  was 
created  to  explore  the  idea  of  team  dynamics  and  the  balance  between  meeting  individual  goals  and  team 
goals.  The  agents  were  placed  in  a  two-dimensional,  discrete-state,  simulation  world  with  a  simple  model 
of  urban  infrastructure.  The  squad  goal  was  to  patrol  through  the  environment  using  checkpoints.  The 
individual  agent  goals  were  to  move  to  a  destination  and  maintain  the  squad  formation.  The  critical  issues 
of  agent  movement  were  collision  detection/avoidance,  goal  managing  and  forward  planning. 
Distinguishing  the  agents  by  their  role  in  the  squad  allowed  a  single  agent  to  act  as  the  squad  leader.  This 
agent  was  given  the  ability  to  plan  a  path  to  accomplish  the  squad's  overall  goal  as  a  series  of  sub-goals, 
which  was  successful  in  getting  the  majority  of  the  agents  to  their  checkpoints  in  squad  formation.  The 
design  of  the  simulation  program  facilitates  further  research  in  using  autonomous  agents  to  model  small- 
units  in  an  urban  environment. 

DoD  KEY  TECHNOLOGY  AREAS:  Modeling  and  Simulation 
KEYWORDS:  Agent  Based  Simulation,  Two-Dimensional,  Discrete  State 


THESIS  ABSTRACTS 


INERTIAL  AND  MAGNETIC  TRACKING  OF  LIMB  SEGMENT  ORIENTATION  FOR 
INSERTING  HUMANS  INTO  SYNTHETIC  ENVIRONMENTS 
Eric  R.  Bachmann-DoD  Civilian 
B.A.,  University  of  Cincinnati,  1983 
M.S.,  Naval  Postgraduate  School,  1995 
Doctor  of  Philosophy  in  Computer  Science-December  2000 
Dissertation  Supervisor:  Michael  J.  Zyda,  Department  of  Computer  Science 

Current  motion  tracking  technologies  fail  to  provide  accurate  wide  area  tracking  of  multiple  users  without 
interference  and  occlusion  problems.  This  research  proposes  to  overcome  current  limitations  using  nine- 
axis  magnetic/angular  rate/gravity  (MARG)  sensors  combined  with  a  quaternion-based  complementary 
filter  algorithm  capable  of  continuously  correcting  for  drift  and  following  angular  motion  through  all 
orientations  without  singularities. 

Primarily,  this  research  involves  the  development  of  a  prototype  tracking  system  to  demonstrate  the 
feasibility  of  MARG  sensor  body  motion  tracking.  Mathematical  analysis  and  computer  simulation  are 
used  to  validate  the  correctness  of  the  complementary  filter  algorithm.  The  implemented  human  body 
model  utilizes  the  world-coordinate  reference  frame  orientation  data  provided  in  quaternion  form  by  the 
complementary  filter  and  orients  each  limb  segment  independently.  Calibration  of  the  model  and  the 
inertial  sensors  is  accomplished  using  simple  but  effective  algorithms.  Physical  experiments  demonstrate 
the  utility  of  the  proposed  system  by  tracking  of  human  limbs  in  real-time  using  multiple  MARG  sensors. 

The  system  is  sourceless"  and  does  not  suffer  from  range  restrictions  and  interference  problems.  This 
new  technology  overcomes  the  limitations  of  motion  tracking  technologies  currently  in  use.  It  has  the 
potential  to  provide  wide  area  tracking  of  multiple  users  in  virtual  environment  and  augmented  reality 
applications. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software,  Human  Systems  Interface,  Sensors, 
Modeling  and  Simulation 
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IMPLEMENTATION  OF  A  HYPERTEXT  TRANSFER  PROTOCOL  SERVER  ON  A 
HIGH  ASSURANCE  MULTI-LEVEL  SECURE  PLATFORM 
Evelyn  Louise  Bersack-Civilian,  United  States  Army 
B.S.,  University  of  Arizona,  1986 
Master  of  Science  in  Computer  Science-December  2000 
Advisor:  Cynthia  Irvine,  Department  of  Computer  Science 
Second  Reader:  Geoffrey  Xie,  Department  of  Computer  Science 

In  a  client/server  environment  on  a  local  area  network  (LAN),  a  server  should  provide  various  network 
applications  including  a  hypertext  transfer  protocol  (HTTP)  server.  HTTP  is  a  client/server, 
request/response  application  protocol  that  is  used  on  the  World  Wide  Web  (WWW).  It  provides  the 
definition  and  means  for  transferring  objects  across  internets.  A  server  used  in  the  context  of  a  multi-level 
secure  (MLS)  LAN  should  be  no  exception.  A  MLS  LAN  should  be  capable  of  providing  an  HTTP  web 
server  that  can  be  used  by  commercially  available  web  browsers  executing  on  client  workstations.  This 
server  needs  to  be  aware  of  the  MLS  environment  and  provide  clients  access  to  all  web  pages  and  objects 
for  which  they  are  authorized. 

This  thesis  implements  an  HTTP  web  server  running  on  a  high  assurance  host  in  a  MLS  LAN.  The 
web  server  is  based  on  a  commercially  available  web  server  application.  The  commercially  available 
application  has  been  modified  and  configured  to  run  on  the  high  assurance  host.  This  thesis  discusses  the 
details  for  implementing  the  web  server  on  the  high  assurance  host. 

The  result  of  this  thesis  is  an  HTTP  web  server  application  that  runs  on  a  high  assurance  host  servicing 
clients  on  a  MLS  LAN  that  are  using  commercially  available  web  browsers.  These  clients  now  have  the 
capability  of  web  browsing  at  varying  levels  of  classification  on  one  workstation. 
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SOFTWARE  TESTING  TOOLS:  METRICS  FOR  MEASUREMENT  OF  EFFECTIVENESS  ON 
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The  levels  of  quality,  maintainability,  testability,  and  stability  of  software  can  be  improved  and  measured 
through  the  use  of  automated  testing  tools  throughout  the  software  development  process.  Automated  testing 
tools  assist  software  engineers  to  gauge  the  quality  of  software  by  automating  the  mechanical  aspects  of  the 
software-testing  task.  Automated  testing  tools  vary  in  their  underlying  approach,  quality,  and  ease-of-use, 
among  other  characteristics.  Evaluating  available  tools  and  selecting  the  most  appropriate  suite  of  tools  can 
be  a  difficult  and  time-consuming  process.  In  this  thesis,  a  suite  of  objective  metrics  is  proposed  for 
measuring  tool  characteristics,  as  an  aide  in  systematically  evaluating  and  selecting  automated  testing  tools. 
Future  work  includes  further  research  into  the  validity  and  utility  of  this  suite  of  metrics,  conducting  similar 
research  using  a  larger  software  project,  and  incorporating  a  larger  set  of  tools  into  similar  research. 
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USER-CENTERED  ITERATIVE  DESIGN  OF  A  COLLABORATIVE  VIRTUAL  ENVIRONMENT 
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Most  tasks  that  are  desirable  to  train  in  a  virtual  environment  are  not  tasks  that  we  do  alone,  but  rather  are 
executed  collaboratively  with  one  or  more  team  members.  Yet  little  is  known  about  how  to  construct  virtual 
environment  training  systems  that  support  collaborative  behavior.  The  purpose  of  this  thesis  was  to  explore 
methodologies  for  developing  collaborative  virtual  environments  for  training.  The  approach  centered  on 
analyzing  task  or  training  specific  requirements  for  the  simulation  environment.  User-centered  design 
techniques  were  applied  to  analyze  the  cognitive  processes  of  collaborative  wayfinding  to  develop  interface 
design  guidelines.  The  results  of  our  analysis  were  utilized  to  propose  a  general  model  of  collaborative 
wayfinding.  This  model  emphasizes  team  collaboration  and  interaction  in  problem  solving  and  decision¬ 
making.  The  model  in  the  field,  using  cognitive  task  analysis  methods  to  study  land  navigators.  This  study 
was  intended  to  validate  the  use  of  user-centered  design  methodologies  for  the  design  of  collaborative 
virtual  environments.  Our  findings  provide  information  useful  to  design,  ranging  from  model  enhancement 
to  interface  development.  The  cognitive  aspects  of  collaborative  human  wayfinding  and  design  for 
collaborative  virtual  environments  have  been  explored.  Further  investigation  of  design  paradigms  should 
'  include  cognitive  task  analysis  and  behavioral  task  analysis. 
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WEB-BASED  TESTING  TOOLS  FOR  ELECTRICAL  ENGINEERING  COURSES 
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This  thesis  presents  a  distance-learning  tool,  which  provides  a  self-sufficient  application  that  allows  one  to 
implement  online  courses  for  electrical  engineering,  A  major  emphasis  is  placed  on  replacing  simplistic 
multiple-choice  or  true-false  test  questions.  A  system  named,  Distance  Learning  Tools  for  Online  Tests 
(DLTOT)  is  designed,  modeled  and  implemented. 

The  implementation  is  based  on  the  Java  programming  language,  using  Servlets  and  Java  Server  Pages 
(JSP),  three-tier  technology  and  Commercial-Off-The-Shelf  (COTS)  products,  namely,  an  Apache  web 
server,  Tomcat  Application  server,  Microsoft  Access,  Mathematica,  WebMathematica  and  JSP/Servlet 
technology. 

DLTOT  is  able  to  control  student  access,  to  allow  interaction  with  the  student  during  the  course,  and  to 
present  a  challenging  test,  which  is  easily  graded  by  the  application  itself 
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SUPPORTING  THE  SECURE  HALTING  OF  USER  SESSIONS  AND  PROCESSES  IN  THE 

LINUX  OPERATING  SYSTEM 
Jerome  Philippe  Brock-Captain,  United  States  Army 
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*  Master  of  Science  in  Computer  Science-June  2001 
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One  feature  of  a  multi-level  operating  system  is  a  requirement  to  manage  multiple,  simultaneous  user- 
sessions  at  different  levels  of  security.  This  session  management  is  performed  through  a  trusted  path 
between  the  user  and  operating  system.  Critical  to  this  functionality  is  the  operating  system’s  ability  to 
temporarily  halt  dormant  sessions,  thereby  ensuring  their  inability  to  perform  any  actions  within  the 
system.  Only  when  a  session  must  be  reactivated  are  its  processes  returned  to  a  runable  state. 

This  thesis  presents  an  approach  for  adding  this  "secure  halting"  functionality  to  the  Linux  operating 
system.  A  detailed  design  for  modifying  the  Linux  kernel,  the  core  of  the  operating  system,  is  given.  A 
new  module,  allowing  an  entire  session  to  be  halted  and  woken  up,  is  designed.  A  new  process  state,  the 
"secure  halt"  state,  is  added.  Additionally,  the  kernel's  scheduling  manager  is  modified  to  properly  manage 
processes  in  the  secure  halt  state.  The  research  has  led  to  the  implementation  of  the  design  as  a  proof  of 
concept. 

This  research  is  meant  to  be  used  in  combination  with  other  efforts  to  enhance  the  security  of  the  Linux 
operating  system, 
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ANALYZING  THREADS  AND  PROCESSES  IN  WINDOWS  CE 
Titus  R.  Burns-Captain,  United  States  Marine  Corps 
B.S.,  Prairie  View  A&M  University,  1995 
Master  of  Science  in  Computer  Science-September  2001 
Advisor:  Cynthia  E.  Irvine,  Department  of  Computer  Science 
Second  Reader:  Paul  Clark,  Department  of  Computer  Science 

Windows  CE  3.0,  also  known  as  Pocket  PC  for  palm-sized  devices,  is  becoming  increasingly  popular 
among  professionals  and  corporate  enterprises.  It  is  estimated  that  by  2004  Windows  CE  will  have  a  share 
of  40%  of  the  marketplace  for  palm-sized  devices.  The  documented  vulnerabilities  against  a  major 
competitor  of  WinCE,  Palm,  and  the  proliferation  of  palm-sized  devices  highlight  the  need  for  security  for 
these  small-scale  systems.  This  thesis  is  part  of  a  larger  project  to  enhance  the  security  in  WinCE. 

This  thesis  analyzed  the  threads  and  processes  in  WinCE,  and  discusses  authentication,  public  key 
infrastructure  (PKI)  and  future  technologies  as  each  relates  to  WinCE.  The  research  discovered  that 
Talisker,  the  next  generation  of  WinCE,  supports  Kerberos  an  authentication  protocol,  and  it  also  supports 
PKI  (a  key  management  system)  components.  Results  of  this  thesis  show  that  security  can  be  enhanced  in 
WinCE  without  requiring  a  change  to  its  code  base. 
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INTEGRATED  DEVELOPMENT  ENVIRONMENT  (IDE)  FOR  THE  CONSTRUCTION  OF  A 
FEDERATION  INTEROPERABILITY  OBJECT  MODEL  (FIOM) 

Brent  P.  Christie-Major,  United  States  Marine  Corps 
B.S.,  State  University  of  New  York  College  at  Buffalo,  1990 
Master  of  Science  in  Computer  Science-September  2001 

and 

Paul  E.  Young-Captain,  United  States  Navy 
M.S.,  University  of  Mississippi,  1985 
Master  of  Science  in  Software  Engineering-September  2001 
Advisors:  Vaidis  Berzins,  Department  of  Computer  Science 
Luqi,  Department  of  Computer  Science 

Advances  in  computer  communications  technology,  the  recognition  of  common  areas  of  functionality  in 
related  systems,  and  an  increased  awareness  of  how  enhanced  information  access  can  lead  to  improved 
capability,  are  driving  an  interest  toward  integration  of  current  stand-alone  systems  to  meet  future  system 
requirements.  However,  differences  in  hardware  platforms,  software  architectures,  operating  systems,  host 
languages,  and  data  representation  have  resulted  in  scores  of  stand-alone  systems  that  are  unable  to 
interoperate  properly. 

Young's  Object  Oriented  Model  for  Interoperability  (OOMI)  defines  an  architecture  and  suite  of 
software  tools  for  resolving  data  representational  differences  between  systems  in  order  to  achieve  the 
desired  system  interoperability.  The  Federation  Interoperability  Object  Model  (FIOM)  Integrated 
Development  Environment  (IDE)  detailed  in  this  thesis  is  a  toolset  that  provides  computer  aid  to  the  task  of 
creating  and  managing  an  interoperable  federation  of  systems. 

This  thesis  describes  the  vision  and  requirements  for  this  tool  along  with  an  initial  prototype 
demonstrating  how  emerging  technologies  such  as  XML  and  Data  Binding  are  utilized  to  capture  die 
necessary  information  required  to  resolve  data  representational  differences  between  systems.  The  material 
presented  in  this  thesis  has  the  potential  to  significantly  reduce  the  cost  and  effort  required  for  achieving 
interoperability  between  DoD  systems. 
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DESIGN  AND  IMPLEMENTATION  OF  WEB-BASED  SUPPLY  CENTER’S  MATERIAL 
REQUEST  AND  TRACKING  (SMART)  SYSTEM  USING 
JAVA  AND  JAVA  SERVLETS 
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Master  of  Science  in  Computer  Science-March  2001 
Advisor:  Thomas  C.  Wu,  Department  of  Computer  Science 
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In  order  for  decision  makers  to  efficiently  make  accurate  decisions,  pertinent  information  must  be  accessed 
easily  and  quickly.  Component-based  architectures  are  suitable  for  creating  today’s  three-tiered  client- 
server  systems.  Experts  in  each  particular  field  can  develop  each  tier  independently.  The  first  tier  can  be 
built  using  HTML  and  web  browsers.  The  middle  tier  can  be  implemented  by  using  the  existing  server  side 
programming  technologies  that  enables  dynamic  web  page  creation.  The  third  tier  maintains  the  database 
management  systems. 

Java  servlets  and  Java  provide  the  programmers  platform  and  operating  system  with  independent, 
multi-threaded,  object  oriented,  secure  and  mobile  means  to  create  dynamic  content  on  the  web.  The  Java 
Servlets  Session  Tracking  API  is  a  potential  solution  to  the  problems  arising  from  the  fact  that  HTTP  is  a 
"stateless11  protocol. 

The  use  of  connection  pools  with  database  applications  provides  faster  data  access,  and  decreases  the 
use  of  system  resources.  Connection  pools  also  offer  a  solution  to  the  limited  number  of  connections  open 
to  a  specific  database  at  a  given  time. 

This  thesis  explores  the  existing  client-server  architectures  and  server  side  programming  technologies 
such  as  CGI,  ASP  and  Java  Servlets,  The  thesis  also  prescribes  the  design  and  implementation  of  a  three- 
tier  application  using  Java  and  Java  servlets  as  the  middle  tier,  and  Java  Database  Connectivity  to 
communicate  with  the  database  management  systems. 
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VULNERABILITY  ASSESSMENT  OF  MICROSOFT  EXCHANGE  2000  SERVER  SOFTWARE 
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E-mail  is  the  dominant  utility  in  use  today  as  a  means  of  issuing  directives  and  sharing  information  among 
employees  in  most  enterprises.  Although  e-mail  is  typically  not  classified,  many  may  be  personal,  private, 
or  often  sensitive  in  nature.  Important  information  can  inadvertently  be  disclosed  that  may  affect  a  critical  * 
organizational  decision.  Additionally,  the  sum  of  several  innocuous  e-mail  messages  may  allow  malicious 
agents  to  infer  knowledge  that  might  itself  be  considered  confidential.  Exchange  Server  was  selected  for 
this  research  on  the  recommendation  of  the  Fleet  Information  Warfare  Center  (FIWC)  and  the  National 
Security  Agency  (NSA)  due  to  its  wide  use  and  importance  as  the  enterprise  email  solution  for  the  Navy- 
Marine  Corps  Intranet  (NMCI).  A  vulnerability  assessment  was  needed  in  order  to  ensure  a  high  level  of 
integrity  and  to  ensure  the  application  is  deployed  in  a  secure  fashion  within  NMCL  Exchange  2000  Server 
was  found  to  be  extremely  functional  but  insecure  primarily  due  to  its  clear  text  messaging,  its  reliance 
upon  security  features  of  the  host  operating  system,  and  lack  of  built-in  security  features.  It  is 
recommended  that  Microsoft  create  a  better  setup  program  that  default  to  a  maximum  state  of  security 
rather  than  a  state  of  maximum  convenience.  It  is  also  recommended  that  administrators  make  use  of 
encrypted  connections  (SSL  or  VPN  for  example),  phase  out  pre-Windows  2000  machines,  invoke  the 
NSAfs  published  security  templates  and  be  diligent  in  applying  vendor  supplied  patches. 
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The  Information  Assurance  Vulnerability  Alert  (IAVA)  process  was  established  to  provide  an  early 
warning  and  tracking  capability  for  protecting  Department  of  Defense  (DoD)  networks  against  identified 
system  vulnerabilities.  The  Navy  initially  used  record  message  traffic  for  the  information  distribution 
required  by  the  process.  This  approach  was  heavily  administrative  and  prone  to  significant  delays  in  an 
already  time  critical  process.  Additionally,  it  lacked  support  for  automated  data  validation,  resulting  in 
unreliable  vulnerability  tracking  information.  As  a  result,  the  process  was  ineffective,  and  Navy  networks 
remained  highly  susceptible  to  exploitation,  even  for  well-documented  system  vulnerabilities.  For  this 
thesis,  web-enabling  technology  is  used  to  build  and  deploy  an  early  warning  and  tracking  system  for  Navy 
network  vulnerabilities.  The  research  sponsor,  the  Navy  Component  Task  Force  for  Computer  Network 
Defense  (NCTF-CND),  has  named  it  the  Online  Compliance  Reporting  System  (OCRS).  It  is  now  being 
used  by  all  Navy  commands  and  has  proven  efficient  and  highly  effective  in  defending  Navy  networks 
against  known  vulnerability  exploitations.  As  a  result,  the  system  has  gained  significant  interest  from  other 
organizations  and  the  research  sponsor  is  now  planning  to  fund  maintenance  and  future  enhancements  by 
the  Space  and  Naval  Warfare  Systems  Center  in  Charleston,  South  Carolina. 
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KEYWORDS:  Information  Assurance  Vulnerability  Alert,  Online  Compliance  Reporting  System,  IAVA, 
OCRS,  Early  Warning 


IMPLEMENTATION  CONSIDERATIONS  FOR  A  VIRTUAL  PRIVATE  NETWORK  (VPN)  TO 
ENABLE  BROADBAND  SECURE  REMOTE  ACCESS  TO  THE  NAVAL  POSTGRADUATE 

SCHOOL  INTRANET 

Richard  Scott  Cote-Lieutenant,  Supply  Corps,  United  States  Navy 
B.S.,  State  University  of  New  York  College  at  Geneseo,  1990 
Master  of  Science  in  Information  Technology  Management-December  2000 
Advisors:  Rex  Buddenberg,  Information  Systems  Academic  Group 
Daniel  Warren,  Department  of  Computer  Science 

As  broadband  connections  to  the  home  become  more  prevalent,  through  Digital  Subscriber  Lines  (DSL) 
and  cable  modems,  students  and  faculty  will  desire  to  access  the  NPS  intranet  via  these  new  means  instead 
of  their  56K  modems.  The  introduction  of  these  new  technologies  will  require  NPS  to  re-evaluate  how  to 
allow  remote  access  to  their  internal  resources  in  a  secure  way,  while  still  allowing  for  the  use  of  broadband 
technologies. 

This  thesis  will  examine  the  alternative  methods  for  implementing  Virtual  Private  Networks  (VPNs), 
from  simple  use  of  Point  to  Point  Protocols  (PPP)  to  high  end  specialized  internet  appliances  and  gateways. 
Pros  and  cons  of  each  will  be  discussed.  A  mock-up  of  the  school's  network  will  be  created  to  test  each  of 
the  discussed  methods.  Final  recommendations  will  be  made  for  a  model  that  can  be  used  by  the  NPS  to 
implement  a  VPN.  Also  discussed  will  be  how  that  model  may  be  altered  to  fit  other  commands 
throughout  the  U.S.  Navy  who  desire  similar  secure  remote  access  to  their  internal  network  resources. 
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It  should  be  noted  that  the  thesis  will  concentrate  on  remote  secure  access  to  an  internal  network  from 
a  single  remote  host  more  than  on  the  VPNs1  additional  ability  to  remotely  connect  two  or  more  secure 
networks  together,  such  as  can  be  found  in  a  business  to  business  (B-to-B)  environment, 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software 

KEYWORDS:  Virtual  Private  Network  (VPN),  Remote  Access,  Public  Key  Infrastructure  (PKI), 
Broadband  Access,  and  Computer  Security 


EVALUATION  OF  THE  EXTENSIBLE  MARKUP  LANGUAGE  (XML)  AS  A  MEANS  OF 
ESTABLISHING  INTEROPERABILITY  BETWEEN  MULTIPLE  DOD  DATABASES 

Eddie  L.  Davis-DoD  Civilian 
B.S.,  Mississippi  Valley  State  University,  1984 
Master  of  Science  in  Software  Engineering-June  2001 
Advisor:  Vaidis  Berzins,  Department  of  Computer  Science 
Second  Reader:  CAPT  Paul  Young,  USN,  Department  of  Computer  Science 

This  thesis  evaluates  the  ability  of  the  Extensible  Markup  Language  (XML)  to  address  the  interoperability 
problem  that  exists  between  Department  Of  Defense  (DOD)  legacy  systems.  Due  to  the  different  Database 
Management  Systems  (DBMS)  used  within  DOD,  interoperability  is  a  major  flaw.  The  need  for 
communication  between  the  DBMS  within  DOD  is  necessary  and  this  thesis  will  fo6us  on  this  problem. 
This  thesis  focuses  in  on  the  problems  that  exist,  and  assesses  XML  as  a  means  of  correcting  these 
problems.  This  thesis  uses  the  Joint  Common  Database  (JCDB)  as  a  means  of  showing  XML  to  be  a  viable 
solution. 

DoD  KEY  TECHNOLOGY  AREAS:  Battlefield  Environments,  Command  Control  and  Communications, 
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DESIGN  AND  IMPLEMENTATION  OF  ONLINE  COMMUNITIES 
Michael  Del  Grosso-Captain,  United  States  Marine  Corps 
B,S.,  Virginia  Tech,  1995 

Master  of  Science  in  Computer  Science-September  2001 
Advisor:  Rudolph  Darken,  Department  of  Computer  Science 
Second  Reader:  Ted  Lewis,  Department  of  Computer  Science 

There  are  many  claims  that  building  an  online  community  on  the  Internet  is  the  next  big  thing  for  online 
businesses  to  enhance  their  bottom  line.  Advertising  has  been  the  biggest  moneymaker  on  the  Internet  so 
far  so  attention  is  money  on  today's  Internet,  The  idea  of  an  online  community  is  to  build  communication 
tools  into  a  website  to  allow  visitors  to  interact  with  each  other  and  encourage  them  to  return  often.  By 
providing  visitors  with  a  place  to  interact  with  others  and  talk  about  their  interests  companies  can  better 
target  them  with  advertising.  Certainly  a  website  that  brings  users  back  over  and  over  again  is  very 
appealing  to  any  organization  that  is  trying  to  sell  goods  or  get  their  message  heard.  But  the  building  of  an 
online  community  is  not  as  simple  as  just  adding  discussion  forums  and/or  chat  rooms  to  a  website.  In  fact, 
many  believe  that  a  successful  community  is  only  10%  dependent  upon  technology  and  90%  dependent 
upon  people.  This  thesis  takes  a  look  at  the  principles  of  successful  online  communities  according  to 
current  literature  and  then  analyzes  the  application  of  these  principles  on  some  popular  online  communities. 
It  then  takes  a  detailed  look  at  PRESENCE-Lite,  an  online  community  built  by  the  author  based  on  the 
principles  of  online  communities, 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 
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ANALYSIS,  DESIGN  AND  IMPLEMENTATION  OF  A  WEB  DATABASE  WITH  ORACLE8I 
Ugur  Demiryurek-Lieutenant  Junior  Grade,  Turkish  Navy 
B.S.,  Turkish  Naval  Academy,  1995 
Master  of  Science  in  Computer  Science-March  2001 
Advisors:  C.  Thomas  Wu,  Department  of  Computer  Science 
LCDR  Chris  Eagle,  USN,  Department  of  Computer  Science 

This  thesis  represents  a  model  of  web-database  analysis,  design  and  implementation.  An  electronic  bulletin 
board  for  the  Naval  Postgraduate  School  is  implemented  for  demonstration.  The  model  includes  Oracle8i 
.  DBMS  as  the  database,  Java  (Java  Server  Pages,  Java  Script,  Enterprise  Java  Beans,  Java  Servlets)  as  the 
programming  language.  Apache  HTTP  Server  v.1.3  /  Tomcat  v.1.2  is  used  as  the  Web  server  and  JSP 
engine.  Windows  NT4.0  served  as  the  OS  environment.  From  the  technical  aspect,  Database  Management 
Systems,  Web-Database  Architectures,  Server  Extension  Programs,  Oracle8i,  as  well  as  several  other 
software  and  hardware  components  are  reviewed,  and  some  are  recommended. 

DoD  KEY  TECHNOLOGY  AREA:  Other  (Web-Database,  Oracle8i) 
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THERMINATOR  2:  DEVELOPING  A  REAL  TIME  THERMODYNAMIC  BASED 
PATTERNLESS  INTRUSION  DETECTION  SYSTEM 
Stephen  D.  Donald-Lieutenant,  United  States  Navy 
B.S.,  Georgia  Institute  of  Technology,  1995 
Master  of  Science  in  Computer  Science-September  2001 
Master  of  Science  in  Systems  Engineering-September  2001 

and 

Robert  V.  McMilien-Captain,  United  States  Marine  Corps 
B.S.,  United  States  Naval  Academy,  1994 
Master  of  Science  in  Computer  Science-September  2001 
Master  of  Science  in  Systems  Engineering-September  2001 
Advisors:  John  C.  McEachen,  Department  of  Electrical  and  Computer  Engineering 
LCDR  Chris  Eagle,  USN,  Department  of  Computer  Science 

A  novel  system  for  conducting  non-signature  based,  or  patternless,  intrusion  detection  of  computer 
networks  is  presented.  This  system  uses  principles  of  thermodynamics  to  model  network  conversation 
dynamics.  A  notion  of  baseline  operating  conditions  is  developed  by  observing  the  properties  of  entropy, 
energy  and  temperature  within  the  system.  Perturbations  in  these  properties  are  considered  potential 
intrusions  for  fiirther  investigation.  This  thesis  focuses  on  the  design  and  architecture  of  this  system. 
System  functions  are  decomposed  into  a  network  sensing  device,  a  real-time  processing  component  and  a 
forensics  component.  A  mechanism  for  forwarding  and  storage  of  sensed  data  is  developed  and  discussed. 
Similarly,  a  novel  three-dimensional  display  technique  and  the  data  structure  that  allows  direct  access  of 
raw  packet  information  from  energy  levels  within  this  display  is  constructed  and  discussed.  A  system 
configuration  language  is  defined  and  presented  and  additional  tools  for  follow-on  forensic  analysis  are 
developed.  Finally,  examples  of  valid  intrusions  and  other  network  perturbations  in  real  traffic  collected  in 
Department  of  Defense  network  operation  center  backbones  are  presented.  Preliminary  results  indicate  this 
system  has  significant  potential  for  revealing  anomalies  in  large  network  systems. 
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THE  DESIGN  AND  IMPLEMENATION  OF  A  REAL-TIME  DISTRIBUTED 
APPLICATION  EMULATOR 
Timothy  S.  Drake-DoD  Civilian 
B.S.,  Colorado  State  University,  1985 
Master  of  Science  in  Electrical  Engineering-March  2001 
Advisor;  Cynthia  E.  Irvine,  Department  of  Computer  Science 
Second  Reader;  Jon  Butler,  Department  of  Electrical  and  Computer  Engineering 

This  thesis  details  the  engineering,  design  and  implementation  of  a  real-time,  distributed,  application 
emulator  system  (AE  system).  The  project  had  two  main  goals  for  the  tool:  emulation  of  real-time 
distributed  systems,  and  as  a  programmable  resource  consumer.  The  AE  system  is  currently  being  used  in 
the  HiPer-D  test  bed  to  activate  a  resource  leveling  tool  that  monitors  several  software  components  for  real¬ 
time  response.  The  AE  system  is  highly  flexible  and  can  be  used  in  the  context  of  a  variety  of  network 
topologies  and  system  loading  options.  The  results  presented  show  that  the  AE  system  also  emulates 
distributed  systems, 
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DEVELOPING  ARTICULATED  HUMAN  MODELS  FROM  LASER  SCAN  DATA  FOR  USE  AS 
AVATARS  IN  REAL-TIME  NETWORKED  VIRTUAL  ENVIRONMENTS 
James  Allen  Dutton-Lieutenant,  United  States  Navy 
B.S,,  Oregon  State  University,  1994 

Master  of  Science  in  Modeling,  Virtual  Environments,  and  Simulation-September  2001 
Advisors;  Eric  R.  Bachmann,  Department  of  Computer  Science 
Xiaoping  Yun,  Department  of  Electrical  and  Computer  Engineering 

With  the  continuing  gain  in  computing  power,  bandwidth,  and  Internet  popularity,  there  is  a  growing 
interest  in  Internet  communities.  To  participate  in  these  communities,  people  need  virtual  representations  of 
their  bodies,  called  avatars.  Creation  and  rendering  of  realistic  personalized  avatars  for  use  as  virtual  body 
representations  is  often  too  complex  for  real-time  applications  such  as  networked  virtual  environments 
(VE).  Virtual  Environment  (VE)  designers  have  had  to  settle  for  unbelievable,  simplistic  avatars  and 
constrain  avatar  motion  to  a  few  discrete  positions. 

The  approach  taken  in  this  thesis  is  to  use  a  full-body  laser-scanning  process  to  capture  human  body 
surface  anatomical  information  accurate  to  the  scale  of  millimeters.  Using  this  3D  data,  virtual 
representations  of  the  original  human  model  can  be  simplified,  constructed  and  placed  in  a  networked 
virtual  environment. 

The  result  of  this  work  is  to  provide  photo  realistic  avatars  that  are  efficiently  rendered  in  real-time 
networked  virtual  environments.  The  avatar  is  built  in  the  Virtual  Reality  Modeling  Language  (VRML). 
Avatar  motion  can  be  controlled  either  with  scripted  behaviors  using  the  H-Anim  specification  or  via 
wireless  body  tracking  sensors  developed  at  the  Naval  Postgraduate  School  Live  3D  visualization  of 
animated  humanoids  is  viewed  in  freely  available  web  browsers. 
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INTERCONNECTIVITY  VIA  A  CONSOLIDATED  TYPE  HIERARCHY  AND  XML 
Todd  P.  Ehrhardt-Lieutenant,  United  States  Navy 
B.S.,  San  Jose  State  University,  1993 
Master  of  Science  in  Software  Engineering-December  2000 

and 

Brian  J.  Lyttle-Captain,  United  States  Army 
B.S.,  United  States  Military  Academy,  1992 
Master  of  Science  in  Computer  Science-March  2001 
Advisors:  Valdis  Berzins,  Department  of  Computer  Science 
Ge  Jun,  National  Research  Council  Post-Doctoral  Associate 
Second  Reader:  CAPT  Paul  E.  Young,  USN 

Building  a  software  system  that  passes  any  message  type  between  legacy  Command,  Control, 
Communications,  Computer,  Intelligence,  Surveillance  and  Reconnaissance  (C4ISR)  systems  is  proposed. 
The  software  system  presents  significant  cost  savings  to  the  Department  of  Defense  (DoD)  because  it 
allows  continued  use  of  already  purchased  systems  without  changing  the  system  itself. 

In  the  midst  of  the  information  age,  the  DoD  cannot  get  information  to  the  warfighter.  The  DoD  still 
maintain  and  use  heterogeneous  legacy  systems,  which  send  limited  information  via  a  set  of  common 
messages  developed  for  a  specific  domain  or  branch  of  DoD.  The  ability  to  communicate  with  one 
message  format  does  not  meet  today’s  needs,  though  these  stovepipe  C4ISR  systems  will  provide  vital 
information.  By  combining  these  systems,  a  synergistic  effect  on  our  information  operations  because  of  the 
shared  information  can  be  had. 

The  translator  will  resolve  date  representational  differences  between  the  legacy  systems  using  a  model 
entitled  the  Common  Type  Hierarchy  (CTH).  The  CTH  stores  the  relationships  between  different  data 
representations  and  captures  what  is  needed  to  perform  translations  between  the  different  representations. 
The  platform  neutral  extensible  Mark-up  Language  (XML)  as  an  enabling  technology  for  the  CTH  model 
is  used. 
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FEASIBILITY  OF  THE  TACTICAL  UAV  AS  A  COMBAT 
IDENTIFICATION  TOOL 
Michael  P.  Farmer-Major,  United  States  Army 
B.S.,  University  of  North  Alabama,  1990 
Master  of  Science  in  Information  Technology  Management-September  2001 
Advisors:  John  Osmundson,  Department  of  Information  Sciences 
William  J.  Welch,  Department  of  Computer  Science 

Soldiers  maneuvering  on  the  21st  Century  battlefield  are  issued  state-of-the-art  equipment.  Despite  this,  the 
tools  at  their  disposal  to  identify  targets  as  being  a  "friend"  or  a  "foe"  have  changed  little  since  Operation 
Desert  Storm.  While  improved  optics  on  late  model  combat  systems  are  extending  gunners*  abilities  to 
identify  targets  at  extended  ranges,  an  optics-vs-ballistics  gap  remains  in  the  majority  of  U.S.  Army  ground 
maneuver  forces.  This  gap,  and  other  battlefield  factors,  increases  the  likelihood  of  fratricides  in  combat. 

This  thesis  examines  the  feasibility  of  using  the  Army's  Tactical  Unmanned  Aerial  Vehicle  (TUAV)  as 
a  combat  identification  (CID)  tool  for  troops  at  the  tactical  level.  Three  scenarios  were  modeled  and 
multiple  simulations  run  to  identify  potential  problems  in  using  the  TUAV  as  a  CID  tool,  as  well  as  ways  to 
improve  the  system  if  it  is  used  in  this  role.  Model  considerations  included  current  and  planned  future 
datalink  bandwidths,  system  delays,  normal  vs.  immediate  taskings,  and  travel  times  to  mission  areas. 

The  thesis  demonstrates  that  if  TUAVs  are  properly  integrated  into  tactical  mission  planning  and 
imagery  analysts  possess  the  necessary  level  of  vehicle  identification  training  (to  include  thermal 
identification  training),  the  TUAV  can  function  well  as  a  CID  tool. 
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ENHANCING  NETWORK  COMMUNICATION  IN  NPSNET-V  VIRTUAL  ENVIRONMENTS 
USING  XML-DESCRIBED  DYNAMIC  BEHAVIOR  (DBP)  PROTOCOLS 
William  D.  Fischer-Major,  United  States  Army 
B.S.,  College  of  William  and  Mary,  1989 
Master  of  Seience  in  Computer  Science-September  2001 
Advisors:  Don  McGregor,  Department  of  Computer  Science 
Don  Brutzman,  Department  of  Information  Sciences 

The  existing  component  protocols,  as  well  as  new  protocols  introduced  at  runtime  into  NPSNET-V  are 
written  in  their  native  programming  language.  As  a  result,  they  require  authoring  and  compiling  by  a 
trained  programmer.  The  long  time  frame  required  to  change  or  introduce  new  protocols  into  NPSNET-V,  a 
dynamically  extensible  virtual  environment,  detracts  from  the  dynamics  of  the  virtual  environment. 
Networking  optimization  thresholds  to  support  NPSNET-V  needed  to  be  determined  to  ensure  that  the 
networking  is  performed  efficiently,  and  system  resources  to  other  systems,  such  as  graphics  rendering,  are 
maximized.  This  thesis  implements  component  protocols  described  using  Extensible  Markup  Language 
(XML)  into  NPSNET-V.  These  protocols  are  created  with  different  fidelity  resolutions  for  each  protocol, 
which  can  be  swapped  at  runtime  based  on  the  network  state.  Network  testing  was  performed  to  find  the 
ideal  maximum  packet  rates  based  on  the  impact  on  CPU  utilization  and  packet  loss.  By  using  XML,  non¬ 
programmers  can  edit  protocols  for  inclusion  in  a  simulation  at  runtime. 

Important  contributions  include  adding  protocols  to  NPSNET-V  with  high-resolution  and  low- 
resolution  versions,  described  by  XML  documents.  Basic  network  optimization  is  added  to  NPSNET-V  to 
take  advantage  of  the  protocols’  resolution  switching  ability.  The  network  testing  revealed  a  linear 
correlation  between  the  packet  sending  rate  and  CPU  utilization,  and  a  polynomial  correlation  between  the 
packet  sending  rate  and  percentage  packet  loss. 
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SOFTWARE  RE-ENGINEERING  OF  THE  HUMAN  FACTORS  ANALYSIS  AND 
CLASSIFICATION  SYSTEM  -  (MAINTENANCE  EXTENSION)  USING  OBJECT 
ORIENTED  METHODS  IN  A  MICROSOFT  ENVIRONMENT 
Thomas  P.  Flanders-Major,  United  States  Army 
B.S.,  Clarkson  University,  1989 
Master  of  Science  in  Computer  Science-September  2001 

and 
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B.S.,  United  States  Military  Academy,  1990 
Master  of  Science  in  Computer  Science-September  2001 
Advisors;  Thomas  Otani,  Department  of  Computer  Science 
LCDR  Chris  Eagle,  USN,  Department  of  Computer  Science 

The  purpose  of  this  research  is  to  technically  evaluate,  refine,  and  expand  two  existing  aircraft  safety 
management  information  systems  (one  military  and  one  civilian).  The  systems  are  used  in  the  data 
collection,  organization,  query,  analysis,  and  reporting  of  maintenance  errors  that  contribute  to  Aviation 
mishaps,  equipment  damage,  and  personnel  injury.  Both  programs  implement  the  Human  Factors  Analysis 
and  Classification  System  (HFACS)  taxonomy  model  developed  by  the  Naval  Safety  Center  (NSC)  to 
capture  aircrew  errors  in  Naval  Aviation  mishaps.  The  goal  of  this  taxonomy  is  to  identify  areas  for 
potential  intervention  by  fully  describing  factors  that  are  precursors  to  aircraft  accidents. 
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Requirements  outlined  by  Dr.  John  K.  Schmidt  of  the  Naval  Safety  Center,  in  conjunction  with  funding  by 
the  National  Aeronautics  and  Space  Administration,  require  that  the  system  utilize  a  Microsoft  Access 
based  implementation.  This  research  focuses  on  meticulous  software  engineering  to  investigate  the 
feasibility  of  adapting  the  current  "structured"  systems  to  Microsoft-based  object  oriented  architectures 
ensuring  future  scalability  and  increased  potential  for  code-reuse. 

Primary  research  questions  investigated  in  this  thesis  include:  1)  How  can  a  Microsoft  Access  based 
implementation  provide  multi-user  access  to  the  same  database  in  a  client-server  environment  while 
ensuring  the  ability  to  scale  to  a  large  number  (potentially  thousands)  of  users?  2)  How  can  the  linguistic 
discontinuity  associated  with  object-oriented  concepts  and  non-object  oriented,  flat  relational  databases  be 
overcome  when  limited  by  the  requirement  for  a  Microsoft  Access  based  solution?  3)  The  current  military 
and  civilian  systems  provide  similar  functionality,  but  use  different  database  schema.  How  can  object 
oriented  methods  be  implemented  to  provide  a  common  interface  to  both  types  of  data?  4)  How  should 
database  schema  be  changed  to  provide  the  best  performance,  scalability,  and  opportunity  for  code  re-use? 
5)  In  the  past,  Microsoft  has  deployed  new  versions  of  Microsoft  Access  and  Visual  Basic  that  were  not 
(folly)  backwards  compatible  with  previous  versions.  This  caused  great  discontent  among  users  of 
applications  designed  to  run  under  the  older  versions  of  these  programs.  How  can  our  system(s)  be 
designed  to  isolate  them  from  problems  associated  with  new  versions  of  Microsoft  products?  Specifically, 
the  pending  release  of  Microsoft  Office  2002,  the  new  SQL  Server  2000  database  engine,  and  Microsoft 
VisualBasic.NET. 

This  thesis  describes  the  use  of  the  Spiral  Development  Model  to  create  a  Microsoft-based  solution  for 
the  School  of  Aviation  Safety  requirements.  It  is  hypothesized  that  this  research  produced  products  that 
greatly  enhance  current  HFACS-capabilities  and  provide  the  means  to  weather  further  changes  in 
requirements  and  application  platforms. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 

KEYWORDS:  Human  Factors  Analysis  and  Classification  System,  HFACS,  Naval  Aviation  Mishaps 


STUDY  OF  A  POTENTIAL  SINGLE  POINT  HOUSEHOLD  COMMUNICATIONS  PRODUCT 

UTILIZING  INTERNET  PROTOCOL 
Donna  L.  Fortin-DoD  Civilian 
B.S.,  Worcester  Polytechnic  Institute  of  Massachusetts,  1985 
Master  of  Science  in  Software  Engineering-December  2000 
,  Advisor:  Gilbert  M.  Lundy,  Department  of  Computer  Science 
Second  Reader:  James  B.  Michael,  Department  of  Computer  Science 

The  future  of  networking  technology  and  the  Internet  offer  a  great  deal  of  promise.  The  potential  is 
forthcoming  as  newer  hardware  technology  and  higher  bandwidth  capable  protocols  are  designed  and 
implemented.  This  thesis  investigates  the  possibility  of  utilizing  existing  hardware  with  presently  available 
software  to  create  a  practical  communication  package  for  the  household.  The  household  communication 
package  or  home  communicator  is  the  network  core  of  the  household  linking  television,  telephone,  and  web 
browsing  capability  into  one  system.  The  home  communicator  would  receive  an  incoming  television, 
telephone  and  Internet  signal  via  optical  fiber  from  a  single  service  provider. 

This  thesis  investigates  Linux  as  the  home  communicator  operating  system  with  Internet  Protocol 
version  6  (Ipv6)  as  the  network  protocol.  Linux  is  examined  for  its  proficiency  at  being  a  capable  customer 
oriented  operating  system.  Additional  Linux  compatible  applications  are  studied  to  include  web  browsing, 
e-mail,  chat  and  simple  text  editing.  Finally,  Ipv6  was  found  to  be  an  acceptable  software  package  for  the 
home  communicator.  There  are  several  major  issues  preventing  an  easy  solution.  A  portion  of  the 
functionality  must  be  attained  through  the  Internet  Service  Provider. 

DoD  KEY  TECHNOLOGY:  Computing  and  Software 
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ELECTRONIC  MANEUVERING  BOARD  AND  DEAD  RECKONING  TRACER  DECISION  AID 

FOR  THE  OFFICER  OF  THE  DECK 
Joey  L.  Frantzen-Lieutenant,  United  States  Navy 
B.S.,  United  States  Naval  Academy,  1994 
Master  of  Science  in  Computer  Scienee-September  2001 

and 

Kenneth  L.  Ehresman-Lieutenant,  United  States  Navy 
B.S.,  University  of  Maryland,  1995 
Master  of  Science  in  Computer  Science-September  2001 
Advisors:  Richard  D.  Riehle,  Department  of  Computer  Science 
Luqi,  Department  of  Computer  Science 

The  U.S.  Navy  currently  bases  the  majority  of  our  contact  management  decisions  around  a  time  and 
manning  intensive  paper-based  Maneuvering  Board  process.  Additional  manning  requirements  are 
involved  on  many  Naval  Ships  in  order  to  accurately  convey  the  information  to  the  Officer  of  the  Deck 
(OOD)  and/or  the  Commanding  Officer.  When  given  situations  where  there  exist  multiple  contacts,  the 
current  system  is  quickly  overwhelmed  and  may  not  provide  decision-makers  a  complete  and  accurate 
picture  in  a  timely  manner. 

The  purpose  of  this  research  is  to  implement  a  stand-alone  system  that  will  provide  timely  and  accurate 
contact  information  for  decision-makers.  By  creating  a  reliable,  automated  system  in  a  format  that  is 
familiar  to  all  Surface  Warfare  Officers  we  will  provide  the  Navy  with  a  valuable  decision-making  tool, 
while  increasing  ease  of  data  exchange  and  reducing  current  redundancies  and  manning  inefficient 
practices. 

The  software  design  is  based  upon  the  Unified  Modeling  Language  (UML).  UML  allows  us  to 
construct  a  software  model  that  is  supported  by  the  Ada  programming  language.  The  design  is  based  upon 
these  fundamental  tenants:  non-operating  system  dependent,  non-hardware  system  dependent,  extensible 
and  modular  design.  Ada  provides  a  certified  compiler,  making  the  code  robust  and  assuring  the  "buyer" 
that  the  program  does  what  it  is  advertised  to  do. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 

KEYWORDS:  Electronic  Maneuvering  Board,  Unified  Modeling  Language,  UML,  Officer  of  the  Deck, 
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INTEGRATING  A  TRUSTED  COMPUTING  BASE  EXTENSION  SERVER  AND  SECURE 
SESSION  SERVER  INTO  THE  LINUX  OPERATING  SYSTEM 
Mark  V.  Glover-Lieutenant  Commander,  United  States  Navy 
B.S.,  Norwich  University,  1990 
M.S.,  Naval  Postgraduate  School,  1998 
Master  of  Science  in  Computer  Science-September  2001 
Advisors:  Cynthia  E.  Irvine,  Department  of  Computer  Science 
David  Shifflett,  Department  of  Computer  Science 

The  Multilevel  Secure  Local  Area  Network  (MLS  LAN)  Project  at  the  Naval  Postgraduate  School’s  Center 
for  Information  Security  (INFOSEC)  Studies  and  Research  (NFS  CISR)  is  building  a  trusted  network 
system  that  is  both  necessary  and  sufficient  to  provide  a  multilevel  networking  solution  for  real  world  use. 

The  current  configuration  provides  the  necessary  trusted  network  services  on  the  TCSEC  Class  B-3 
evaluated  XTS-300,  which  is  a  combination  of  the  STOP  version  4.4.2  multilevel  secure  operating  system, 
and  a  Wang-supplied  Intel  x86  hardware  base.  The  interface  for  the  STOP  operating  is  based  on  the  System 
V.3  UNIX  implementation.  System  V.3  lacks  many  of  features  available  in  more  modem  UNIX 
implementations  such  as  System  V.4  and  BSD  4.3,  and  also  lacks  many  of  the  features  in  POSIX  and  ANSI 
C  standards.  Finally,  the  CPU  is  several  generations  older  than  the  more  current  Intel  processors.  This 
thesis  discusses  the  port  of  several  MLS  trusted  network  services  on  the  XTS-300  to  a  Linux  operating 
system  running  on  an  Intel  Pentium  Processor.  The  new  Linux  TCBE  Server  configuration  will  permit 
further  experimentation  with  MLS  architectural  issues  in  a  more  modem,  flexible  and  easily  modifiable 
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environment.  The  port  was  accomplished  by  identifying  and  modifying  the  necessary  software  modules 
needed,  to  adapt  to  a  Linux  environment. 

This  thesis  proves  that  XTS-300  TCB  services  can  be  ported  to  Linux  system  without  any  negative 
effects  on  performance  thus  allowing  a  move  toward  a  more  security  enhanced  implementation. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 

KEYWORDS:  Multilevel  Secure  Local  Area  Network,  MLSLAN,  Trusted  Network  System 

NAVY/MARINE  CORPS  INTRANET  INFORMATION  ASSURANCE  OPERATIONAL 
SERVICES  PERFORMANCE  MEASURES 
Randall  A.  Gumke-Lieutenant,  United  States  Navy  Civil  Engineering  Corps 
B.S.,  University  of  Florida,  1993 

Master  of  Science  in  Information  Technology  Management-June  2001 
Advisors:  Daniel  F.  Warren,  Department  of  Computer  Science 
Carl  R.  Jones,  Information  Systems  Academic  Group 

Communicating  in  the  Department  of  the  Navy  (DON)  over  the  Internet  is  an  everyday  event.  The  DON  is 
developing  the  Navy  Marine  Corps  Intranet  (N/MCI)  to  enhance  this  communication  capability.  The 
security  of  communicating  over  the  N/MCI  has  become  a  concern  to  the  DON.  The  DON  is  relying  on  the 
N/MCI  contractor  to  provide  security  for  their  communications.  Key  aspects  of  this  secure  communication 
will  be  provided  through  the  use  of  a  DON  Public  Key  Infrastructure  (PKI),  which  the  N/MCI  contractor  is 
managing.  To  ensure  the  security  of  the  PKI  based  communications  the  contract  requires  the  monitoring  of 
four  PKI  performance  measures.  This  thesis  analyzes  performance  measures,  criterion,  and  standards  then 
uses  this  analysis  to  review  the  contractual  PKI  performance  measures  and  data  collected  from  commercial 
PKI  vendors.  It  recommends  changes  to  these  performance  measures  and  provides  additional  performance 
criteria  that  should  be  included  in  the  N/MCI  contract.  Finally,  this  thesis  analyses  how  the  N/MCI 
contract,  specifically  the  PKI,  impact  DON  members. 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software,  Other  (Public  Key  Infrastructure) 

KEYWORDS:  Public  Key  Infrastructure,  Public  Key  Cryptography,  Navy  Marine  Corps  Intranet,  Service 
Level  Agreements,  Performance  Measures,  PKI,  N/MCI 

SEMANTIC  INTEROPERABILITY  IN  AD  HOC  WIRELESS  NETWORKS 
RaoufHafsia-Captain,  Tunisian  Army 
B.S.,  Tunisian  Military  Academy,  1990 
Master  of  Science  in  Computer  Science-March  2001 
Advisor:  J.  Bret  Michael,  Department  of  Computer  Science 
Second  Reader:  John  S.  Osmundson,  Command,  Control,  Communications,  Computers, 

and  Intelligence  Academic  Group 

Ad  hoc  wireless  networks  are  decentralized  networks  whose  members  join  and  leave  the  network  in  an 
asynchronous  manner  and  for  short  periods  of  time.  Each  node  participating  in  the  network  acts  both  as 
host  and  a  router 

Ad  hoc  networks  in  theory,  support  missions  of  the  Armed  Forces  in  situations  in  which  the 
infrastructure  for  wire-bound  networks  is  not  dependable,  it  is  impractical  to  build  and  maintain  the 
infrastructure,  or  the  missions  requires  that  the  nodes  have  a  high-degree  of  mobility. 

Ad  hoc  wireless  networks  require  some  level  of  semantic  interoperability  so  that  nodes  in  the  network 
can  "understand"  each  other.  In  this  thesis,  requirements  for  semantic  interoperability  in  ad  hoc  wireless 
networks  are  discussed,  and  a  case  study  is  presented  of  how  such  requirements  could  be  applied.  It  was 
realized  during  the  study  that  semantic  interoperability  components  and  functions  are  developed  mostly  for 
wired  networks,  and  not  taking  in  consideration  the  wireless  issues  such  as  processing,  power,  and 
networking  limitations.  In  this  thesis,  wireless  user  infrastructure,  mobile  middleware,  and  wireless 
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application  protocols  as  a  solution  to  realize  semantic  interoperability  in  wireless  ad  hoc  networks  are 
discussed, 

DoD  KEY  TECHNOLOGY  AREAS:  Command,  Control  and  Communications,  Computing  and 
Software 

KEYWORDS:  Ad  Hoc  Networks,  Routing  Protocols,  Semantic  Interoperability,  Wireless  Networking 


EXTENSIBLE  MARKUP  LANGUAGE  (XML)  BASED  ANALYSIS  AND 
COMPARISON  OF  HETEROGENEOUS  DATABASES 
Robert  F.  Halle-DoD  Civilian 
B.S.,  University  of  Michigan,  1981 
Master  of  Science  in  Software  Engineering-June  2001 
Advisor:  Valdis  Berzins,  Department  of  Computer  Science 
Second  Reader:  CAPT  Paul  Young,  USN,  Department  of  Computer  Science 

In  the  Department  of  Defense  there  currently  exist  multiple  databases  required  to  support  command  and 
control  of  some  portion  of  the  battlefield  force.  Interoperability  between  forces  will  become  crucial  as  the 
force  structure  continues  to  be  reduced.  This  interoperability  will  be  facilitated  through  the  integration  of 
these  command  and  control  databases  into  a  singular  joint  database  or  by  developing  inter-communication 
schemas  to  support  inter-database  communications ,  The  first  step  in  either  of  these  alternatives  is  the 
identification  of  equivalent  components  among  the  multiple  databases. 

This  thesis  describes  how  Extensible  Markup  Language  (XML)  can  be  used  to  facilitate  the  process  of 
analyzing  and  comparing  multiple  databases.  Each  step  of  the  process  is  described  in  detail  accompanied 
by  explanations  of  the  XML  tools/resources  required  to  execute  the  step  and  rationale  of  why  the  step  is 
necessary.  Detailed  graphics  and  .examples  are  employed  to  simplify  -and  justify  the  step  by  step 
explanations.  The  JavaScript  code  developed  as  part  of  the  research  to  execute  the  XML  based  analysis  is 
included.  This  thesis  concludes  with  discussions  of  the  overall  value  of  this  XML  based  analysis  and 
comparison  process  and  of  potential  future  work  that  could  be  pursued  to  further  exploit  this  XML  analysis 
and  comparison  method. 

DoD  KEY  TECHNOLOGY  AREAS:  Battlefield  Environments,  Command  Control  and  Communications, 
Computing  and  Software 

KEYWORDS:  Extensible  Markup  Language,  XML  Analysis,  Heterogeneous  Databases,  Database 
Comparison,  Database  Analysis,  C4I 


DESIGNING  REALISTIC  HUMAN  BEHAVIOR  INTO  MULTI-AGENT  SYSTEMS 
Chad  F.  Hennings-Lieutenant,  United  States  Navy 
B.S.,  Illinois  Institute  of  Technology,  1994 

Master  of  Science  in  Modeling,  Virtual  Environments,  and  Simulation-September  2001 
Advisors:  John  Hiles,  Department  of  Computer  Science 
Rudolph  Darken,  Department  of  Computer  Science 

As  Multi-agent  systems  advance  toward  moving  virtual  humans  such  as  modeled  infantry  soldiers  around  a 
virtual  environment  for  modeling  and  simulation  purposes,  an  important  factor  to  be  considered  is  how  the 
agent  internalizes  and  reacts  to  its  environment.  One  method  to  simulate  this  sensory  perception  and  the 
construction  of  generalized  internal  knowledge  is  the  symbolic  reactive  agent  architecture.  This  architecture 
utilizes  symbolic  constructive  agents  to  internalize  and  symbolically  represent  the  outside  environment 
within  the  agent  and  reactive  agents  to  decide  what  course  of  action  will  be  taken  next  based  on  this 
internal  environment.  This  type  of  architecture  also  lends  itself  well  to  putting  variability  and  non- 
homogeneity  into  different  agents  by  controlling  the  level  of  hindrance  or  interference  that  the  agent 
utilizes  when  constructing  this  inner  environment,  A  simple  path  finding  task  was  used  to  determine  the 
overall  utility  of  this  architecture  with  respect  to  truly  representing  human  performance  in  cognitive  tasks. 
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Humans  as  well  as  different  simulated  agents  were  put  through  the  same  task  in  their  respective 
environment  and  their  results  were  compared.  A  concept  called  the  bracketing  heuristic  was  also  utilized  to 
determine  whether  the  model  may  translate  well  to  general  path-finding  tasks. 

DoD  KEY  TECHNOLOGY  AREAS:  Modeling  and  Simulation 

KEYWORDS:  Virtual  Humans,’ Virtual  Environments,  Multi-Agent  Systems 


USING  OPERATIONAL  RISK  MANAGEMENT  (ORM)  TO  IMPROVE  COMPUTER  NETWORK 
DEFENSE  (CND)  PERFORMANCE  IN  THE  DEPARTMENT  OF  THE  NAVY  (DON) 

Ernest  David  Hernandez-Lieutenant  Commander,  United  States  Navy 
B.S.,  United  States  Naval  Academy,  1985 
Master  of  Science  in  Information  Technology  Management-March  2001 
Advisors:  Rex  Buddenberg,  Information  Systems  Academic  Group 
Daniel  Warren,  Department  of  Computer  Science 

Operational  Risk  Management  (ORM)  has  been  credited  with  reducing  the  Navy’s  mishap  rate  to  all  time 
lows,  especially  in  Naval  Aviation.  Through  the  use  of  a  five-step  process,  ORM  has  been  able  to  change 
the  decisionmakers'  paradigm  of  day-to-day  operations  in  naval  fleet  units,  making  safety  the  paramount 
factor  that  would  allow  fleet  commanding  officers  to  conserve  their  assets,  yet  meet  the  requirement  to  train 
in  high-risk  environments.  ORM  is  a  process  that  mitigates  the  risk  associated  with  the  high-risk 
environment  that  naval  fleet  units  operate  in. 

Not  unlike  naval  fleet  units,  our  computer  networks  operate  in  a  high-risk  environment-the  Internet. 
Crackers  are  able  to  penetrate  what  were  thought  to  be  secure  networks,  and  copy,  modify,  disrupt  or 
destroy  valuable  information.  The  risk  posed  to  the  Navy's  computer  network  systems  is  very  great.  Given 
the  Navy's  adoption  of  "Network-Centric  Warfare"  and  the  Navy-Marine  Corps  Intranet  (NMCI),  the 
hazards  faced  by  the  possible  compromise  of  these  computer  network  systems  are  as  great  as  any  a  fleet 
unit  would  encounter  in  its  normal  operating  environment. 

The  objective  of  this  thesis  is  to  translate  ORM  practices  into  Information  Assurance  Risk 
Management  (IARM)  practices,  and  demonstrate  I  ARM's  utility  in  identifying,  quantifying,  and  mitigating 
the  security  risks  associated  with  computer  networks. 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software 
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A  DISCRETIONARY-MANDATORY  MODEL  AS  APPLIED  TO  NETWORK  CENTRIC 
WARFARE  AND  INFORMATION  OPERATIONS 
Daniel  R.  Hestad-Lieutenant,  United  States  Navy 
B.S.,  University  of  Wisconsin,  1994 

Master  of  Science  in  Information  Systems  and  Operations-March  2001 
Advisors:  J.  Bret  Michael,  Department  of  Computer  Science 
Audun  Josang,  Queensland  University  of  Technology 

The  concepts  of  DoD  information  operations  and  network  centric  warfare  are  still  in  their  infancy.  In  order 
to  develop  these  concepts,  the  right  conceptual  models  need  to  be  developed  from  which  to  design  and 
implement  these  concepts.  Information  operations  and  network  centric  warfare  are  fundamentally  based  on 
trust  decisions.  However,  the  key  to  developing  these  concepts  is  to  develop  for  DoD  is  to  develop  the 
organizational  framework  from  which  trust,  inside  and  outside,  of  an  organization  may  be  achieved  and 
used  to  its  advantage.  In  this  thesis,  an  organizational  model  is  submitted  for  review  to  be  applied  to  DoD 
information  systems  and  operational  organizations. 
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AN  IMPROVED  MAGNETIC,  ANGLE  RATE,  GRAVITY  (MARG)  BODY  TRACKING  SYSTEM 
Pierre  G.  Hollis-Captain,  United  States  Marine  Corps 
B.S.,  Rensselaer  Polytechnic  Institute,  1993 
Master  of  Science  in  Electrical  Engineering-June  2001 
Electrical  Engineer-June  2001 

Committee  Chair:  Xiaoping  Yun,  Department  of  Electrical  and  Computer  Engineering 
Committee  Members:  Sherif  Michael,  Department  of  Electrical  and  Computer  Engineering 
Erie  R,  Bachmann,  Department  of  Computer  Science 

This  thesis  proposes  the  design  of  an  improved  Magnetic,  Angular  Rate,  Gravity  (MARG)  Body  Tracking 
System.  The  current  MARG  Body  Tracking  System  is  limited  to  tracking  three  limb-segments.  The  MARG 
sensors  are  physically  connected  to  a  desktop  computer  by  cables. 

In  this  thesis,  a  multiplexing  circuit  was  implemented  to  allow  tracking  of  15  limb-segments. 
Processing  was  moved  from  a  desktop  computer  to  a  wearable  computer  and  wireless  communication  was 
implemented  using  an  IEEE  802.11b  spread  spectrum  wireless  LAN.  The  resultant  system  is  able  to  track 
the  entire  human  body  and  is  untethered.  The  range  of  the  system  is  the  same  as  that  of  the  wireless  LAN 
which  can  be  extended  with  the  use  of  repeaters.  This  thesis  work  will  ultimately  allow  human  insertion 
into  virtual  environments  for  training  and  other  applications. 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software,  Human  System  Interface,  Sensors 
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APPLICATION  OF  THE  NOGUEIRA  RISK  ASSESSMENT  MODEL  TO 
REAL-TIME  EMBEDDED  SOFTWARE  PROJECTS 
Craig  S.  Johnson-DoD  Civilian 
B.S.I.S.,  University  of  Phoenix,  1999 
Master  of  Science  in  Software  Engineering-June  2001 
and 
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B.S.M.E.,  Michigan  Technological  University,  1973 
Master  of  Science  in  Software  Engineering-June  2001 
Advisor:  Luqi,  Department  of  Computer  Science 
Second  Reader:  Valdis  Berzins,  Department  of  Computer  Science 

This  thesis  addresses  the  application  of  a  Formal  Model  for  Risk  Assessment  to  real-time  embedded 
software  development  projects.  It  specifically  targets  the  use  of  existing  military  and  defense  software 
development  projects  as  a  way  to  validate,  or  refine  the  formal  model.  In  this  case  the  Nogueira  model. 
Data  will  be  gathered  from  real  projects  and  analyze  through  use  of  the  Nogueira  model.  Selected  projects 
were  based  on  specific  criteria,  listed  later  in  this  thesis.  This  is,  in  essence,  a  "post  mortem"  of  these 
projects.  It  gives  the  ability  to  compare  the  model's  predictions  against  what  the  real  data  collected  from 
the  projects  indicated.  Results  will  be  reported  with  our  conclusions  as  to  the  model’s  viability  for  use  in 
determining  risk  as  to  probability  of  completion  given  the  time  allowed  for  the  projects.  These  are  data 
points  in  the  validation  of  the  model  and  the  results,  good  or  bad,  cannot  be  used  as  a  definitive 
substantiation  of  the  model’s  fitness  for  use  on  other  real  projects. 

DoD  KEY  TECHNOLOGY  AREAS:  Other  (Project  Management  and  Risk  Assessment) 
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Complexity  (CX),  Large  Granularity  Complexity  (LGC),  Operators,  Data  Streams,  Abstract  Data  Types 
(ADTs),  Efficiency  Factor  (EF),  Software  Engineering,  Risk  Assessment,  Estimation  Models,  Bi- 
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ANALYSIS  OF  INTEL  IA-64  PROCESSOR  SUPPORT  FOR  A  SECURE  VIRTUAL 

MACHINE  MONITOR 

Kadir  Karadeniz-Lieutenant  Junior  Grade,  Turkish  Navy 
B.S.,  Turkish  Naval  Academy,  1995 
Master  of  Science  in  Electrical  Engineering-March  2001 
Advisor:  Cynthia  Irvine,  Department  of  Computer  Science 
Second  Reader:  Frederick  W.  Terman,  Department  of  Electrical  and  Computer  Engineering 

This  thesis  explores  the  Intel  IA-64  architecture's  capability  to  support  a  secure  virtual  machine  monitor. 
The  major  mission  of  a  virtual  machine  monitor  is  to  provide  an  execution  environment  identical  to  the  real 
machine  environment  for  virtual  machines.  A  VMM  duplicates  the  real  resources  of  a  processor  for  virtual 
machines  while  making  a  virtual  machine  think  that  it  is  running  on  a  real  machine.  As  a  result,  a  virtual 
machine  monitor  allows  multiple  virtual  machines  to  run  concurrently  on  the  same  machine. 

A  secure  VMM  on  the  Intel  IA-64  architecture  would  offer  several  benefits.  A  secure  VMM  would 
ensure  that  security  policy  is  enforced  by  constraining  information  flow  between  the  supported  virtual 
machines.  This  would  provide  PC  users  with  a  more  secure  environment  in  which  to  run  COTS  operating 
systems. 

The  Intel  IA-64  architecture  was  analyzed  to  determine  if  it  is  virtualizable.  Three  types  of  virtual 
machine  monitors  and  their  hardware  requirements  have  been  defined.  The  IA-64  architecture  was  mapped 
to  these  hardware  requirements.  Analysis  showed  that  the  IA-64  architecture  meets  three  main  hardware 
requirements.  However,  IA-64  instruction  set  contains  18  sensitive  unprivileged  instructions.  These 
instructions  prevent  the  IA-64  architecture  from  being  used  for  a  Type  I  VMM.  Several  virtualization 
’  techniques  used  in  some  architectures  are  discussed  to  determine  if  these  techniques  could  be  applicable  to 
virtualization  of  the  IA-64  architecture. 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software 

KEYWORDS:  Virtual  Machines,  Virtual  Machine  Monitors,  Intel  IA-64  Architecture 


A  SIMPLE  SOFTWARE  AGENTS  FRAMEWORK  FOR  BUILDING  DISTRIBUTED 

APPLICATIONS 

Boon  Kwang  Kin-Civilian,  DSTAR  Singapore 
B.Eng.,  Nanyang  Technological  University,  1996 
Master  of  Science  in  Computer  Science-March  2001 
Advisors:  Valdis  Berzins,  Department  of  Computer  Science 
Jun  Ge,  National  Research  Council  Research  Associate 

The  development  of  distributed  systems  needs  to  consider  multiple  factors  such  as  performance,  scalability, 
resource  sharing,  and  fault  tolerance.  This  thesis  proposes  a  simple  agent-based  framework  to  address 
these  concerns  when  building  distributed  applications.  Agents  act  as  interfaces  among  processes  that 
interact  and  cooperate  in  a  distributed  environment.  These  agents  encapsulate  the  implementation  details 
and  make  the  network  transparent  to  running  processes.  The  proposed  framework  is  built  on  JINI 
infrastructure.  It  uses  Linda  TupleSpace  model,  a  shared  network-accessible  repository,  for  different 
processes  to  exchange  information.  Processes  are  loosely  coupled.  They  discover  and  linkup  with  one 
another  by  using  services  residing  on  JINI  infrastructure.  Under  this  proposed  model,  the  correspondent 
language  wrappers  such  as  Java,  Ada,  C++,  C  and  Visual  Basic  support  multiple  programming  languages. 
Information  exchange  among  processes  is  not  restricted  to  data  only.  Executable  components,  leveraging 
on  Java  code's  portability  features,  can  be  sent  over  a  heterogeneous  environment  and  executed  remotely. 
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This  framework  can  further  address  several  important  issues  on  formal  specifications  of  the 
communication  layer,  such  as  partial  failure,  synchronization,  coordination  and  heterogeneity,  by  offering 
properties  in  our  design  for  operation  timeout,  and  information  and  service  leasing.  This  framework  is  to 
be  used  in  the  Distributed  Computer  Aided  Prototyping  System  (DCAPS)  to  provide  the  inter-process 
communication  layer.  It  simplifies  the  tasks  of  designing,  binding  and  analyzing  multiple  processes  of  real¬ 
time,  distributed  prototype  systems. 

The  provided  interface  library  shields  developers  from  working  on  the  underlying  dynamic  and 
complex  network  environment.  It  supports  a  wide  variety  of  programming  languages  and  operating 
platforms.  Important  issues  under  distributed  environment,  such  as  partial  failure,  synchronization  and 
coordination,  have  been  taken  into  consideration. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software,  Other  (Distributed  System, 
Interoperability) 

KEYWORDS:  ActiveX,  Agent,  Distributed  Systems,  Framework,  Interoperability,  JavaSpace,  JINI, 
Software,  TupleSpace,  Wrapper 


DEVELOPMENT  OF  A  TARGET  RECOGNITION  SYSTEM  USING  FORMAL 
AND  SEMI-FORMAL  SOFTWARE  MODELING  METHODS 
Matthew  A.  Lisowski-Lieutenant,  United  States  Navy 
B.S.,  United  States  Military  Academy,  1991 
Master  of  Science  in  Software  Engineering-December  2000 
Advisors:  Neil  Rowe,  Department  of  Computer  Science 
Man-Tak  Shing,  Department  of  Computer  Science 

With  the  shrinking  defense  budget,  the  United  States  Department  of  Defense  (DoD)  has  relied  more  on 
commercial-off-the-shelf  (COTS)  and  contracted  software  systems.  Government  contractors  and 
commercial  developers  currently  rely  heavily  on  semi-formal  methods  such  as  the  Unified  Modeling 
Language  (UML)  in  developing  the  models  and  requirements  for  these  software  systems.  The  correctness 
of  specifications  in  such  languages  cannot  be  tested,  in  general,  until  they  are  implemented.  Due  to  the 
inherent  safety  requirements  for  mission  critical  systems,  formal  specification  methods  would  be 
preferable.  This  thesis  contrasts  the  development  of  a  combat  system  for  the  Navy  using  the  formal 
specification  language  SPEC  with  development  using  the  semi-formal  method  UML.  The  application 
being  developed  is  a  ship  recognition  system  that  utilizes  image  data,  detected  emitters,  and  ship 
positioning  to  correlate  ship  identification.  The  requirements  analysis  and  architectural  design  for  this 
system  are  presented. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 

KEYWORDS:  Modeling,  Requirements  Analysis,  Formal  Specifications,  UML,  Formal  Methods,  Semi- 
Formal  Methods,  Target  Recognition 


INTRUSION  DETECTION  SYSTEMS  REQUIREMENTS  ANALYSIS:  AN  EVALUATION  OF 

THE  MARINE  CORPS’  USE  OF  COTS  IDS 
Jorge  E.  Lizarralde-Major,  United  States  Marine  Corps 
B.S.,  University  of  Colorado,  1988 

Master  of  Science  in  Information  Technology  Management-September  2001 
Advisors:  Daniel  F.  Warren,  Department  of  Computer  Science 
John  S.  Osmundson,  Department  of  Information  Sciences 

Intrusion  detection  systems  (IDS)  have  become  a  major  tool  in  the  defense  of  computer  networks 
throughout  DoD.  However,  in  the  past,  the  purchase  of  these  tools  has  been  based  on  little  more  than 
vendor  literature.  This  thesis  applies  Joseph  Barms’  requirements  model  to  the  current  Commercial-Off- 
The-Shelf  (COTS)  IDS  deployed  on  the  Marine  Corps  Enterprise  Network  (MCEN)  and  determines  if  the 
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current  IDS  meets  the  Marine  Corps'  requirements.  To  make  this  determination,  this  thesis  looks  at  three 
questions:  what  are  the  requirements  for  an  intrusion  detection  system,  how  are  those  requirements 
measured  and  can  they  be  measured?  This  thesis  also  looks  at  the  MCEN  in  detail  and  concludes  that  the 
centralized  control  and  management  of  the  MCEN  allows  the  Marine  Corps  to  use  other  resources  to  make¬ 
up  for  the  deficiencies  of  an  average  COTS  product.  Lastly,  the  thesis  addresses  the  state  of  intrusion 
detection  standards  and  certified  evaluations  of  IDS.  Standardization,  when  approved,  gives  the  Marine 
Corps  more  flexibility  in  selecting  security  products  that  complement  the  MCEN  operating  environment. 
Certified  evaluations  by  accredited  laboratories  ensure  that  companies  and  organizations  can  purchase 
security  products  with  a  greater  degree  of  confidence  that  they  will  function  according  to  an  established 
assurance  level. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 

KEYWORDS:  Intrusion  Detection  Systems,  IDS,  Marine  Corps,  Enterprise  Network,  MCEN 


INTERCONNECTIVITY  VIA  A  CONSOLIDATED  TYPE  HIERARCHY  AND  XML 
Brian  J.  Lyttle-Captain,  United  States  Army 
B.S.,  United  States  Military  Academy,  1992 
Master  of  Science  in  Computer  Science-March  2001 
and 

Todd  P.  Ehrhardt-Lieutenant,  United  States  Navy 
B.S.,  San  Jose  State  University,  1993 
Master  of  Science  in  Software  Engineering-December  2000 
Advisors:  Vaidis  Berzins,  Department  of  Computer  Science 
Ge  Jun,  National  Research  Council  Research  Associate 
Second  Reader:  CAPT  Paul  E.  Young,  USA,  Department  of  Computer  Science 

Building  a  software  system  that  passes  any  message  type  between  legacy  Command,  Control, 
Communications,  Computer,  Intelligence,  Surveillance  and  Reconnaissance  (C4ISR)  systems  is  proposed. 
The  software  system  presents  significant  cost  savings  to  the  Department  of  Defense  (DoD)  because  it 
allows  continued  use  of  already  purchased  systems  without  changing  the  system  itself. 

In  the  midst  of  the  information  age,  the  DoD  cannot  get  information  to  the  warfighter.  Heterogeneous 
legacy  systems  are  still  maintained  and  used,  which  send  limited  information  via  a  set  of  common  messages 
developed  for  a  specific  domain  or  branch  of  DoD.  The  ability  to  communicate  with  one  message  format 
does  not  meet  our  needs  today,  though  these  stovepipe  C4ISR  systems  will  provide  vital  information.  By 
combining  these  systems,  we  will  have  a  synergistic  effect  on  our  information  operations  because  of  the 
shared  information. 

Our  translator  will  resolve  date  representational  differences  between  the  legacy  systems  using  a  model 
entitled  the  Common  Type  Hierarchy  (CTH).  The  CTH  stores  the  relationships  between  different  data 
representations  and  captures  what  is  needed  to  perform  translations  between  the  different  representations. 
The  platform  neutral  extensible  Mark-up  Language  (XML)  will  be  used  as  an  enabling  technology  for  the 
CTH  model. 

DoD  KEY  TECHNOLOGY  AREAS:  Command,  Control,  and  Communications,  Computing  and 
Software 

KEYWORDS:  Interoperability,  Interconnectivity,  Legacy  Systems,  XML,  Consolidated  Type  Hierarchy, 
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AN  EXAMINATION  OF  POSSIBLE  ATTACKS  ON  CISCO’S  IPSEC-BASED  VPN  GATEWAYS 
Joel  R.  MaeRitchie-Lieutenant,  United  States  Navy 
B.S.,  United  States  Naval  Academy,  1991 
Master  of  Science  in  Computer  Seience-December  2000 
Advisor:  Daniel  F.  Warren,  Department  of  Computer  Science 
Second  Reader:  John  C.  McEachen,  II,  Department  of  Electrical  and  Computer  Engineering 

Virtual  Private  Networks  (VPNs)  are  an  emerging  security  solution  for  computer  networks  in  both  the 
government  and  corporate  arena.  IPSec,  the  current  standard  for  VPNs,  offers  a  robust,  standards-based, 
and  cryptographically  effective  solution  for  VPN  implementation.  Because  of  the  immense  complexity  of 
IPSec,  effective  analysis  is  difficult.  In  an  environment  where  Information  Warfare  in  general,  and 
computer  network  attack  in  particular  are  becoming  more  pervasive,  it  is  necessary  conduct  a  critical, 
independent  evaluation  of  IPSec  from  a  security  perspective. 

In  order  to  develop  an  effective  evaluation  of  IPSec  VPNs,  a  Cisco  Systems  IPSec-based  VPN  router 
network  is  used  as  an  example.  A  detailed  analysis  of  Cisco’s  IPSec-based  implementation,  as  well  as  of 
the  IPSec  standard  itself  is  conducted  to  determine  what,  if  any,  attacks  or  vulnerabilities  exist  in  each. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software,  Command,  Control  and 
Communications,  Electronics,  Electronic  Warfare 

KEYWORDS:  Virtual  Private  Networks  (VPN),  Internet  Protocol  Security  (IPSec),  Computer  Network 
Attack,  Computer  Security,  Computing  and  Software,  Network  Security,  Encapsulating  Security  Payload 
(ESP),  Authentication  Header  (AH),  Routers,  Information  Warfare  (IW) 


DYNAMIC  ASSEMBLY  FOR  SYSTEM  ADAPTABILITY,  DEPENDABILITY 
AND  ASSURANCE  (D  ASAD  A)  PROJECT  ANALYSIS 
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Advisors:  Luqi,  Department  of  Computer  Science 
Man-Tak  Shing,  Department  of  Computer  Science 
John  S.  Osmundson,  Command,  Control,  Communications,  Computers,  and 
Intelligence  Academic  Group 
Richard  Riehle,  Department  of  Computer  Science 

This  thesis  focuses  on  an  analysis  of  the  dynamic  behavior  of  software  designed  for  future  Department  of 
Defense  systems.  The  DoD  is  aware  that  as  software  becomes  more  complex,  it  will  become  extremely 
critical  to  have  the  ability  for  components  to  change  themselves  by  swapping  or  modifying  components, 
changing  interaction  protocols,  or  changing  its  topology.  The  Defense  Advanced  Research  Programs 
Agency  formed  the  Dynamic  Assembly  for  Systems  Adaptability,  Dependability,  and  Assurance 
(D  ASAD  A)  program  in  order  to  task  academia  and  industry  to  develop  dynamic  gauges  that  can  determine 
run-time  composition,  allow  for  the  continual  monitoring  of  software  for  adaptation,  and  ensure  that  all 
user  defined  properties  remain  stable  before  and  after  composition  and  deployment.  Through  the  study,  a 
review  of  all  the  DASADA  technologies  were  identified  as  well  as  a  thorough  analysis  of  all  19  project 
demonstrations. 

This  thesis  includes  a  template  built  using  the  object-oriented  methodologies  of  the  Unified  Modeling 
Language  (UML)  that  will  allow  for  functional  and  non-functional  decomposition  of  any  DASADA 
software  technology  project.  In  addition,  this  thesis  includes  insightful  conclusions  and  recommendations 
on  those  DASADA  projects  that  warrant  further  study  and  review. 
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VULNERABILITIES  ASSOCIATED  WITH  REMOTE  ACCESS  TO 
TIMESTEP  VIRTUAL  PRIVATE  NETWORKS  (VPNs) 
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Master  of  Science  in  Systems  Technoiogy-June  2001 
Advisor:  Dan  Warren,  Department  of  Computer  Science 
Second  Reader:  John  Osmundson,  Command,  Control,  Communications,  Computers,  and 

Intelligence  Academic  Group 

As  Marine  Corps  requirements  for  Internet  access  continue  to  increase,  so  do  the  concerns  about  network 
security.  One  of  the  key  components  in  the  Marine  Corps  network  security  architecture  is  the  employment 
of  TimeStep  Virtual  Private  Network  (VPN)  products  to  protect  the  Marine  Corps  Enterprise  Network 
(MCEN).  These  VPN  products  provide  security  through  authentication,  confidentiality,  and  data  integrity. 
Remote  access  to  the  MCEN  via  TimeStep  VPNs  provides  the  flexibility,  security,  and  global  connectivity 
required  in  today's  high  operations  tempo. 

Despite  the  benefits  TimeStep  VPNs  provide  to  deployed  users,  the  risks  associated  with  remote  access 
remain  unclear.  In  this  thesis,  the  author  begins  by  identifying  and  evaluating  vulnerabilities  associated 
with  remote  user  access  to  TimeStep  VPNs  via  dial  up  modems,  cable  TV  modems,  and  Digital  Subscriber 
Lines  (DSL).  After  the  vulnerabilities  have  been  identified,  the  author  proposes  policies  and  procedures 
that  can  mitigate  these  vulnerabilities.  The  aim  of  this  study  is  to  provide  systems  administrators  and 
remote  users  of  the  MCEN  useful  insights  into  the  threats  that  exist  when  using  TimeStep  VPNs  and 
assistance  in  lessening  their  impact. 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software 

KEYWORDS:  Virtual  Private  Networks,  Computer  Network  Attack,  Computer  Security,  Computing  and 
Software,  Network  Security 

MODELING  CONVENTIONAL  LAND  COMBAT  IN  A  MULTI-AGENT  SYSTEM  USING 
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There  are  inherent  similarities  between  the  numerous  ground  combat  entities  and  the  numerous  ground 
combat  operations.  In  combat  entities  there  exist  common  characteristics  such  as  the  ability  to  move,  shoot, 
communicate  and  more.  The  levels  that  each  entity  is  able  to  operate  for  these  characteristics  differentiate  it 
from  the  others.  For  combat  operations,  a  common  characteristic  is  that  all  operations  have  a  starting  point, 
objective  point  and  an  endpoint.  The  different  operations  take  on  unique  properties  based  on  where  these 
points  are  located,  actions  enroute  to  points  and  what  entities  do  at  these  points. 

The  generalized  concepts  in  combat  entities  and  combat  operations  provide  a  framework  that  can  assist 
developers  and  users  to  model  the  majority  of  combat  situations  with  a  single  simulation.  This  thesis  uses 
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three  different  Multi- Agent  System  (MAS)  combat  models  to  illustrate  the  generalization  framework.  Of 
the  three  “test”  models  used,  two  existed  previously  and  one  was  developed.  The  two  existing  models  are 
Map  Aware  Non-uniform  Automata  (MAN A),  developed  for  the  New  Zealand  Army  and  Defense  Force, 
and  Archimedes  developed  by  Least  Squares  Software  LLC.  The  model  (GENAgent)  was  developed  based 
on  the  redesign  of  GIAgent,  developed  by  Captain  Joel  Pawloski,  USA,  as  a  thesis  at  the  Naval 
Postgraduate  School. 

DoD  KEY  TECHNOLOGY  AREAS:  Modeling  and  Simulation 
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THE  EMPLOYMENT  OF  A  WEB  SITE  AND  WEB-ENABLING  TECHNOLOGY 
IN  SUPPORT  OF  U.S.  MILITARY  INFORMATION  OPERATIONS 
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Advisors:  J.  Bret  Michael,  Department  of  Computer  Science 
LT  Raymond  R.  Buettner,  Jr.,  USN,  Information  Warfare  Academic  Group 

As  a  global-based  system  of  information  systems,  the  World  Wide  Web  has  the  potential  to  support  U.S. 
Military  Information  Operations.  Presently,  there  is  a  lack  of  established  U.S.  Military  Doctrine  or  Planning 
Guidance  on  how  to  incorporate  the  use  of  a  website  in  support  of  Information  Operations  (IO).  This  thesis 
proposes  suitable  uses  of  a  web  site  within  the  IO  arena  as  defined  by  Joint  Military  Doctrine.  Specifically, 
it  is  proposed  that  a  web  site  can  support  all  of  the  following  type  of  activities:  public  information,  civil 
affairs,  psychological  operations,  deception  and  intelligence  collection.  In  addition,  the  U.S.  commercial 
marketing  sector  is  advantageously  employing  recent  advances  in  Information  Technology  and  software 
which  have  yielded  web-enabling  features  such  as  interactivity,  personalization,  customization,  and 
dynamic  information  publishing,  to  name  a  few.  The  U.S.  military  can  learn  a  great  deal  from  this.  This 
thesis  describes  some  recent  web-enabling  technology  and  then  provides  a  first  approximation  at  mapping 
web-enabling  features  to  IO  capabilities.  One  product  of  this  thesis  is  a  first  approximation  of  a  planning 
checklist  to  be  used  by  IO  practitioners  and  web-site  developers  when  considering  the  use  of  a  web-based 
IO.  Although  technology  will  continue  to  change,  this  planning  checklist  provides  a  template  for 
integrating  web-enabling  features  within  IO. 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software 

KEYWORDS:  Information  Operations,  Website,  Web-enabling  Technology,  Personalization,  Dynamic 
Information  Publishing 


THE  DESIGN  AND  DEVELOPMENT  OF  A  WEB-INTERFACE  FOR  THE  SOFTWARE 
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James  A.  McDonald,  Ill-Major,  United  States  Marine  Corps 
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Master  of  Science  in  Computer  Science-September  2001 
Richard  Riehle,  Department  of  Computer  Science 
Advisors:  Man-Tak  Shing,  Department  of  Computer  Science 

The  Software  Engineering  Automation  System  (SEAS)  evolved  from  the  Computer-Aided  Prototyping 
System  (CAPS)  developed  in  the  late  1980s  and  early  1990s  to  help  software  engineers  rapidly  produce 
working  prototypes  for  hard  real-time  embedded  systems.  As  software  development  methods  such  as  the 
waterfall  and  spiral  methods  evolved  the  requirement  for  a  system  to  prototype  products  became  clear. 
CAPS  was  able  to  meet  the  needs  of  the  software  engineer,  allowing  them  to  edit  the  project,  translate  and 
compile  the  code,  develop  the  interface,  and  execute  the  project.  As  the  requirements  change  and 
customer’s  needs  become  clearer,  the  ability  to  rapidly  change  the  prototype  to  meet  these  needs  was  met 
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by  the  CAPS  system.  Today  companies  that  are  developing  software  systems  are  global  in  nature. 
Development  could  take  place  over  a  vast  expanse  of  several  continents.  The  change  in  the  workplace 
environment  bore  the  requirement  to  redesign  SEAS  to  make  it  accessible  globally  as  well  as  making  it 
functional  across  multiple  platforms.  The  envisioned  redesign  of  the  SEAS  system  takes  the  functionality 
of  the  current  system  and  deploys  it  as  a  web  application  on  the  Internet. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 

KEYWORDS:  Software  Engineering  Automation  System,  SEAS,  Computer  Aided  Prototyping  System, 
CAPS,  Web-Interface 


INFORMATION  SECURITY  REQUIREMENTS  FOR  A  COALITION  WIDE  AREA  NETWORK 
Susan  C.  McGovern-Lieutenant,  United  States  Navy 
B.A.,  University  of  California  Los  Angeles,  1992 
Master  of  Science  in  Systems  Technology-June  2001 
Advisor:  Cynthia  E.  Irvine,  Department  of  Computer  Science 
Second  Reader:  Orin  E.  Marvel,  Command,  Control,  Communications,  Computers,  and 

Intelligence  Academic  Group 

To  achieve  information  superiority  in  a  coalition  environment  the  U.S.  has  to  seamlessly  integrate  coalition 
members,  both  NATO  and  Non-NATO,  into  its  command  and  control  processes  along  all  eclielons  of 
military  operations.  In  a  coalition  environment,  it  is  extremely  challenging  to  fuse  multinational 
information  systems  to  achieve  seamless  integration.  This  thesis  focuses  on  the  security  issues  that  are 
involved  in  establishing  coalition  network  interoperability.  The  coalition  environment  is  defined  in  terms 
of  purpose,  command  structure,  mission  area,  and  control  functions.  Network  and  information  protection 
are  discussed  in  terms  of  minimizing  the  threats  to  information  systems  security.  Coalition  information 
system  user  requirements  are  defined  and  some  of  the  security  mechanisms  required  to  meet  those 
requirements  are  discussed.  Current  solutions  to  secure  coalition  network  interoperability  are  surveyed, 
followed  by  conclusions,  recommendations  and  areas  for  further  study. 

DoD  KEY  TECHNOLOGY  AREAS:  Battlespace  Environment,  Command,  Control,  and 
Communications,  Other  (Information  Assurance) 

KEYWORDS:  Battlespace  Environment,  Command,  Control,  and  Communications  (3),  Information 
Assurance 


IMPLEMENTATION  OF  A  TWO-USER  DISPLAY  USING  STEREOSCOPICS 
Susan  C.  Miller-Captain,  United  States  Army 
B.S.,  Northeast  Louisiana  University,  1988 
Master  of  Science  in  Computer  Science-December  2000 
Advisor:  Rudolph  Darken,  Department  of  Computer  Science 
Second  Reader:  Michael  Capps,  Department  of  Computer  Science 

The  level  of  presence,  in  a  virtual  environment  depends  on  the  extent  to  which  the  real  world  is  shut  out,  the 
range  of  sensory  elements  the  environment  simulates,  the  extent  of  the  panoramic  view,  and  the  resolution 
of  the  illusion.  Many  current  virtual  environment  applications  effectively  address  these  presence  issues  for 
single  users,  but  not  for  multiple  users.  Networked  virtual  environments  address  multiple  user  collaboration 
through  real-time  interaction  of  users  in  a  shared  environment.  These  systems  provide  effective 
communication  between  users,  but  do  not  address  face-to-face  collaboration. 

To  address  these  needs,  this  thesis  describes  a  two-user  display  which  fully  supports  face-to-face 
collaboration.  Each  user  has  independent  views  of  the  environment  while  standing  near  one  another  and  is 
able  to  communicate  through  voice  and  gesture.  The  design  of  the  system  includes  stereo  rendering  and 
magnetic  tracking  technology.  Stereo  rendering  technology  is  used  to  create  two  separate  images  that  can 
be  viewed  independently.  A  magnetic  tracker  is  used  to  detect  the  movement  of  each  user's  head.  There 
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are  drawbacks,  including  ghosting,  that  affect  the  design's  usability.  Studies  are  needed  to  determine 
appropriate  application  mediums  for  this  type  of  system. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software,  Human  Systems  Interface 
KEYWORDS:  Magnetic  Tracking,  Stereoscopy,  Virtual  Reality 


A  STUDY  OF  THE  REQUIREMENTS  FOR  A  HEADS-UP  DISPLAY  FOR  USE  IN  MOTOR 
TRANSPORTATION  IN  THE  UNITED  STATES  MARINE  CORPS 
Harold  Marcel  Mosley-Captain,  United  States  Marine  Corps 
B.S.,  Florida  Agricultural  and  Mechanical  University,  1992 
Master  of  Science  in  Computer  Seienee-September  2001 

and 

Rodney  L.  Lewis-Captain,  United  States  Marine  Corps 
B.S.,  University  of  Alabama,  1992 
Master  of  Science  in  Computer  Science-September  2001 
Advisor:  James  Bret  Michael,  Department  of  Computer  Science 
Second  Reader:  Rudolph  Darken,  Department  of  Computer  Science 

In  this  thesis,  the  high-level  requirements  for  a  concept  system.  Automated  Vehicle  Avoidance 
Identification  and  Location  System  (AVAILS)  is  investigated.  The  primary  goal  that  this  system  addresses 
is  the  safe  operation  of  large  ground  vehicles,  operated  by  the  U.S.  Marine  Corps  and  Army,  on  both 
military  reservations  and  public  roadways.  AVAILS  is  comprised  of  an  integrated  collision  warning  and 
collision  avoidance  system.  These  two  subsystems  are  used  to  support  both  low-speed  docking  and  convoy 
operations.  The  objective  is  to  provide  the  driver  with  real-time  information  that  will  help  him  or  her  act  to 
avoid  or  mitigate  the  effects  of  a  crash  with  another  vehicle  during  convoy  operations,  and  with  another 
vehicle  or  the  docking  facilities  during  docking  operations. 

The  high-level  requirements  for  the  human-computer  interface,  AVAILS-HCI,  are  discussed  in  the 
context  of  the  following:  the  characteristics  of  the  drivers,  the  nature  of  their  tasks,  the  environment  in 
which  ground-based  military  vehicles  operate,  and  the  doctrine,  policy,  law,  regulations,  and  procedures 
which  govern  the  operation  of  such  vehicles  on  military  reservations  and  public  roadways.  A  high-level 
treatment  is  given  of  the  mapping  of  the  high-level  requirements  for  the  human-computer  interface  to  in- 
vehicle  display  technology,  in  particular,  head-up  displays.  A  limited-function  prototype  of  the  system  was 
developed  in  order  to  explain  and  reason  about  the  requirements  for  the  AVAILS-HCI.  The  thesis 
concludes  with  recommendations  for  future  research. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software,  Other  (Transportation) 

KEYWORDS:  Automated  Vehicle  Avoidance  Identification  and  Location  System,  AVAILS,  Motor 
Transportation 


APPLICATION  PROGRAMMER’S  INTERFACE  (API)  FOR  HETEROGENEOUS  LANGUAGE 
ENVIRONMENT  AND  UPGRADING  THE  LEGACY  EMBEDDED  SOFTWARE 

Theng  C,  Moua 

B.S.E.E.,  San  Diego  State  University,  1985 
Master  of  Science  in  Software  Engineering-September  2001 
Advisor;  Valdis  Berzins,  Department  of  Computer  Science 
Second  Reader:  Jun  Ge,  National  Research  Council  Research  Associate 

Legacy  software  systems  in  the  Department  of  Defense  (DoD)  have  been  evolving  and  are  becoming 
increasingly  complex  while  providing  more  functionality.  The  shortage  of  original  software  designs,  lack  of 
corporate  knowledge  and  software  design  documentation,  unsupported  programming  languages,  and 
,  obsolete  real-time  operating  system  and  development  tools  have  become  critical  issues  for  the  acquisition 
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community.  Consequently,  these  systems  are  now  very  costly  to  maintain  and  upgrade  in  order  to  meet 
current  and  future  functional  and  nonfunctional  requirements. 

This  thesis  proposes  a  new  interoperability  model  for  re-engineering  of  old  procedural  software  of  the 
Multifunctional  Information  Distributed  System  Low  Volume  Terminal  (MIDS-LVT)  to  a  modem  object- 
oriented  architecture.  In  the  MIDS-LVT  modernization  acquisition  strategy,  only  one  Computer  Software 
Configuration  Item  (CSCI)  component  at  a  time  will  be  redesigned  into  an  object-oriented  program  while 
interoperability  with  other  unmodified  CSCIs  in  the  MIDS-LVT  distributed  environment  must  be 
maintained.  Using  this  model,  each  legacy  CSCI  component  can  be  redesigned  independently  without 
affecting  the  others. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 

KEYWORDS:  Multi-Functional  Information  Distributed  System  Low  Volume  Terminal,  MIDS-LVT, 
Object-Orientated  Database,  Computer  Software  Configuration  Item,  CSCI 


USING  NETWORK  MANAGEMENT  SYSTEMS  TO  DETECT  DISTRIBUTED 
DENIAL  OF  SERVICE  ATTACKS 
Chandan  Singh  Negi-Lieutenant,  Indian  Navy 
B.  Tech.,  Jawaharlai  Nehru  University,  India,  1994 
Master  of  Science  in  Computer  Science-September  2001 
Master  of  Science  in  Information  Systems  Technoiogy-September  2001 
Advisors:  Alex  Bordetsky,  Department  of  Information  Sciences 
Paul  Clark,  Department  of  Computer  Science 

Distributed  Denial  of  Service  (DDoS)  attacks  have  been  increasingly  found  to  be  affecting  the  normal 
functioning  of  organizations  causing  billions  of  dollars  of  losses.  Organizations  are  trying  their  best  to 
minimize  their  losses  from  these  systems.  However,  most  of  the  organizations  widely  use  the  Network 
Management  Systems  (NMS)  to  observe  and  manage  their  networks.  One  of  the  major  functional  areas  of  a 
NMS  is  Security  Management.  This  thesis  examines  how  the  Network  Management  Systems  could  aid  in 
the  detection  of  the  DDoS  attacks  so  that  the  losses  from  these  could  be  minimized.  The  thesis  details  the 
SNMP  MIB  variables  of  importance  for  detecting  these  attacks  and  the  MIB  signatures  of  the  specific 
attack. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 

KEYWORDS:  Distributed  Denial  of  Service,  DDOS,  Network  Management  System,  NMS,  MIB,  SNMP 


A  REQUIREMENTS  SPECIFICATION  OF  MODIFICATIONS  TO  THE  FUNCTIONAL 
DESCRIPTION  OF  THE  MISSION  SPACE  RESOURCE  CENTER 
Paul  M.  Nelson-Major,  United  States  Army 
B.S.,  United  States  Military  Academy,  1981 
Master  of  Science  in  Software  Engineering-June  2001 
Advisor:  Luqi,  Department  of  Computer  Science 
Second  Reader:  Man-Tak  Siting,  Department  of  Computer  Science 

The  Defense  Modeling  and  Simulation  Office  developed  the  Functional  Description  of  the  Mission  Space 
(FDMS)  Resource  Center  under  the  guidance  of  Department  of  Defense  (DoD)  5000.59-P,  DoD  Modeling 
and  Simulation  Master  Plan.  The  FDMS  Resource  Center  provides  a  controlled  repository  for  modeling 
and  simulation  (M&S)  data  and  promotes  data  standardization  and  reuse.  The  Resource  Center  is  currently 
operational  at  http://38.241. 48.9. 

Use  of  the  FDMS  Resource  Center  is  voluntary  on  the  part  of  DoD  M&S  organizations,  although 
maximum  use  of  the  Center  is  paramount  if  standardization  and  reuse  synergies  are  to  be  realized.  In  an 
effort  to  encourage  more  use  of  the  Resource  Center's  capabilities,  the  author  analyzed  the  Resource 
Center,  interviewed  the  Center's  principals,  and  developed  a  set  of  requirements  governing  screenshot 
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appearance,  data  workflow  control,  and  privilege  permission  selections  which  should  simplify  and  clarify 
the  Center’s  user  processes, 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software,  Modeling  and  Simulation 

KEYWORDS:  Modeling,  Simulation,  FDMS,  DMSO,  MSRR,  Requirements,  Software  Engineering, 
Systems  Engineering,  Software  Intensive 


EMERGENT  LEADERSHIP  ON  COLLABORATIVE  TASKS  IN  DISTRIBUTED 

VIRTUAL  ENVIRONMENTS 
Krist  D.  Norlander-Lieutenant,  United  States  Navy  Reserve 
B.S,,  San  Diego  State  University,  1994  i;- 

Master  of  Science  in  Modeling,  Virtual  Environments,  and  Simulation-September  2001 
Advisor:  Rudolph  P,  Darken,  Department  of  Computer  Science 
Second  Reader:  Susan  G,  Hutchins,  Department  of  Information  Sciences 

Several  Department  of  Defense  agencies  are  currently  investigating  the  use  of  distributed  collaborative 
virtual  environments  (CVE)  for  the  training  of  small  dismounted  infantry  teams.  If  these  systems  are  to  be 
successful,  they  will  have  to  do  more  than  simply  allow  the  team  members  to  execute  a  task.  In  addition  to 
assuring  that  essential  training  in  the  CVE  transfers  to  the  real  task,  it  must  be  ensured  that  aspects  of  team 
organization  also  transfer.  In  particular,  this  thesis  investigates  whether  or  not  predicted  emergent 
leadership,  as  measured  by  standardized  personality  tests,  holds  within  a  CVE  or  if  aspects  of  the  interface 
interfere. 

For  a  given  "real-world”  task  domain  a  leader  can  be  predicted  based  on  personality  traits  of  the 
individuals  within  the  group.  The  interface  utilized  with  a  CVE  may  adversely  affect  these  traits.  In  other 
words,  predictive  measures  of  leadership  in  the  real  world  may  not  hold  in  a  CVE. 

The  study  reported  here  will  use  this  predictability  to  identify  the  expected  emergent  leader  within  a 
group  and  determine  how  the  CVE  interface  affects  the  ability  of  the  predicted  individual  to  emerge  as  the 
leader.  It  is  theorized  that  the  limitations  of  CVE  interfaces  (field  of  view,  realism,  etc.)  will  negatively 
impact  the  transfer  of  leadership  personality  traits  into  the  virtual  environment,  but  not  id  a  degree  that  the 
limitation  cannot  be  overcome.  These  limitations  may  impact  the  group  dynamics  and  the  emergent  leader 
may  not  necessarily  be  the  predicted  leader  by  personality  traits. 

DoD  KEY  TECHNOLOGY  AREAS:  Modeling  and  Simulation 
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AN  ARCHITECTURE  AND  PROTOTYPE  SYSTEM  FOR  AUTOMATICALLY  PROCESSING 
NATURAL-LANGUAGE  STATEMENTS  OF  POLICY 
Vanessa  L.  Ong-Lieu tenant,  United  States  Naval  Reserve 
B.S.,  University  of  Oklahoma,  1990 
Master  of  Science  in  Computer  Science-March  2001 
Advisors:  J.  Bret  Michael,  Department  of  Computer  Science 
Neil  C.  Rowe,  Department  of  Computer  Science 

Organizations  are  policy-driven  entities.  Policy  bases  can  be  very  large  and  complex;  these  factors  are 
compounded  by  the  dynamic  nature  of  policy  evolution.  Thus,  comprehension  of  the  ramifications  of  both 
policy  modification  and  assurance  of  the  consistency,  completeness,  and  correctness  of  a  policy  base 
necessarily  requires  some  level  of  computer-based  support. 

A  policy  workbench  is  an  integrated  set  of  computer-based  tools  for  developing,  reasoning  about,  and 
maintaining  policy.  A  workbench  takes  as  input  a  computationally  equivalent  form  of  policy  statements. 

In  this  thesis,  approaches  for  translating  natural-language  policy  statements  into  their  equivalent 
computational  form  with  minimal  user  interaction  are  explored.  The  architecture  of  a  natural-language 
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input-processing  tool  (NLIPT)  is  presented,  which  was  designed  to  augment  a  policy  workbench.  NLIPT 
components  consist  of  an  extractor,  index-term  generator,  structural  modeler,  and  logic  modeler. 

Experiments  .were  with  a  prototype  of  the  extractor.  The  extractor  successfully  parsed  twenty-seven  of 
a  sample  of  ninety-nine  of  U.S.  Department  of  Defense  security  policy  statements.  An  additional  twenty- 
one  statements  were  correctly  parsed  based  on  the  syntactic  structure  of  the  input. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software,  Command,  Control,  and 

Communications,  Human  Systems  Interface 
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TRUST  AND  ITS  RAMIFICATIONS  FOR  THE  DOD  PUBLIC  KEY  INFRASTRUCTURE 
Carl  M.  Pedersen-Lieutenant,  United  States  Navy 
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Master  of  Science  in  Information  Systems  and  Operations-March  2001 
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Audun  Josang,  Queensland  University  of  Technology 

Researchers  have  used  a  wide  variety  of  trust  definitions,  leading  to  a  plethora  of  meanings  of  the  concept. 
But  what  does  the  word  'trust'  mean?  While  most  scholars  provide  their  own  definition  of  trust,  they  are 
dissatisfied  regarding  their  own  lack  of  consensus  about  what  trust  is.  Trust  is  a  cognitive  function  and 
modeling  trust  is  an  attempt  to  emulate  the  way  a  human  assesses  trust.  Models  of  trust  have  been 
developed  in  an  attempt  to  automate  the  logic,  variables,  and  thought  processes  that  a  human  performs 
when  making  a  trust-decision.  This  thesis  evaluates  the  various  forms  of  trust  and  trust  models.  The 
results  from  our  research  found  no  such  model  that  incorporates  both  mandatory  and  discretionary  trust.  A 
new  hybrid  model  will  be  introduced,  the  "D-M  Model."  The  motivation  for  using  the  model  in  the  context 
of  trust  stems  primarily  from  the  appropriate  use  of  discretionary  and  mandatory  trust  policies  in 
organizations  to  ensure  precision,  consistency,  and  added  assurance  in  trust.  The  real  value  of  the  D-M 
model,  is  that  it  addresses  the  need  to  model  both  of  these  types  of  policies  explicitly  and  concurrently. 
This  thesis  concludes  with  the  assessment  of  two  practical  applications  of  the  D-M  trust  model  as  it  is 
applied  to  DoD's  Joint  Task  Forces. 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software 

KEYWORDS:  Trust  Models,  Trust  Management,  Public  Key  Infrastructure  (PKI),  Computer  Security 


ANALYZING  INPUT/OUTPUT  SUBSYSTEM  SECURITY  IN  WINDOWS  CE 
Barbara  A.  Pereira-DoD  Civilian 
B.S.,  University  of  Missouri  -  Columbia,  1995 
Master  of  Science  in  Computer  Science-June  2001 
Advisor:  Cynthia  E.  Irvine,  Department  of  Computer  Science 
Second  Reader:  Paul  Clark,  Department  of  Computer  Science 

In  the  past  few  years,  mobile  handheld  devices  have  emerged  as  an  exciting  new  tool  for  accomplishing 
everyday  tasks.  Devices  with  the  Windows  CE  operating  system  provide  flexibility  for  the  designer  in  the 
form  of  customizable  modules  and  components.  With  wireless  capabilities  and  a  familiar  user  interface, 
Windows  CE  devices  are  becoming  popular  for  such  tasks  as  inventory  control  and  information  retrieval. 
By  enhancing  the  self-protection  of  the  operating  system,  handheld  devices  could  be  used  in  more 
demanding  environments.  This  thesis  reviews  the  security  redesign  of  operating  systems  and  explores  the 
applicability  of  such  redesign  to  the  Windows  CE  operating  system.  The  existing  security  mechanisms  in 
Windows  CE  are  described,  and  the  operating  system  itself  is  critically  examined  for  security  weaknesses, 
especially  in  the  Input/Output  subsystem  area.  Recommendations  are  made  for  improving  the  self¬ 
protection  of  Windows  CE.  Future  work  is  suggested  in  two  areas:  analyzing  other  Windows  CE 
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subsystems  in  terms  of  security,  and  developing  a  method  of  authenticating  a  Windows  CE  device  to  a 
server, 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software 
KEYWORDS:  Operating  Systems,  Handheld  devices,  PDA  Security,  Windows  CE 


METHODS  FOR  DETERMINING  OBJECT  CORRESPONDENCE 
DURING  SYSTEM  INTEGRATION 
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Object  correlation  is  a  semantic  comparison  of  exported  entities  from  one  system  to  imported  entities  of 
another.  Current  research  in  search  algorithms  and  artificial  intelligence  methods  for  pattern  matching  can 
aid  integrators  in  finding  these  matches.  This  thesis  proposes  a  two-stage  correlation  process  for  resolving 
various  kinds  of  heterogeneity  found  in  legacy  DoD  systems  in  order  to  facilitate  interoperability,  A 
prototype  built  using  these  methods  is  explained,  results  compared  to  current  correlation  methods,  and 
recommendations  made  for  further  improvements. 

The  end  of  the  Cold  War  and  the  Defense  Reorganization  Act  of  1986,  began  a  new  era  of 
unprecedented  cooperation  among  the  U.S.  military  services  and  our  allies.  Increasingly  dynamic  missions 
have  required  warfighters  to  share  information  quickly  and  seamlessly  while  a  decreasing  defense  budget 
has  left  few  resources  to  build  the  infrastructure  needed  to  implement  this  information  exchange  in  legacy 
heterogeneous  date,  systems.  One  possible  solution  to  achieving  interoperability  of  information  systems  is 
Young's  Federated  Interoperability  Model.  This  model  allows  system  designers  to  advertise  the  kinds  of 
information  they  produce  and  consume  and  then  automatically  provides  translation  services.  Before  data 
and  services  can  be  shared,  however,  integrators  must  resolve  exactly  what  kinds  of  date  they  are  providing 
so  that  other  systems  in  the  network  can  decide  if  that  data  is  appropriate  for  their  use.  That  is  the  purpose 
of  the  proposed  correlation  algorithm. 

DoD  KEY  TECHNOLOGY  AREAS:  Command,  Control,  and  Communications,  Computing  and 
Software 
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Modernization  of  Department  of  Defense  (DoD)  weapon  systems  has  resulted  in  an  ever-increasing 
dependence  on  software.  Despite  technological  advances  in  the  software  field,  software  development 
remains  costly  and  one  of  the  highest  risk  factors  on  most  weapon  system  programs.  The  use  of  software 
metrics  is  a  methodology  for  mitigating  this  uncertainty  so  that  software  development  progresses  under 
informed  decision  making.  Software  metrics  are  essential  tracking  tools  used  by  program  managers  to 
monitor  and  control  risk  areas.  However,  the  choice  of  metrics  for  a  program  is  critical  to  their  usefulness. 


THESIS  ABSTRACTS 


This  research  provides  a  guide  to  acquisition  managers  on  selecting  the  most  effective  metrics  to  use  in 
management  of  weapon  system  software.  The  study  identifies  key  issues  in  the  use  of  software  metrics 
experienced  by  program  managers.  The  study  recommends  a  revised  set  of  metrics  and  improvements  to 
the  use  of  metrics  based  on  innovations  and  improvements  in  the  software  field  as  well  as  software 
estimation  tools  that  facilitate  the  use  of  these  software  metrics. 
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OPTIMIZATION  OF  DISTRIBUTED,  OBJECT-ORIENTED  ARCHITECTURES 

William  J.  Ray,  DoD  Civilian 
B.S.,  Purdue  University,  1985 
M.S.,  Naval  Postgraduate  School,  1997 
Doctor  of  Philosophy  in  Software  Engineering-September  2001 
Dissertation  Supervisor:  Valdis  Berzins,  Department  of  Computer  Science 

Object-Oriented  computing  is  fast  becoming  the  de-facto  standard  for  software  development.  Optimal 
deployment  strategies  for  object  servers  change  given  variations  in  object  servers,  client  applications, 
operational  missions,  hardware  modifications,  and  various  other  changes  to  the  environment.  Once 
distributed  object  servers  become  more  prevalent,  there  will  be  a  need  to  optimize  the  deployment  of  object 
servers  to  best  serve  the  end  user's  changing  needs.  Having  a  system  that  automatically  generates  object 
server  deployment  strategies  would  allow  users  to  take  full  advantage  of  their  network  of  computers.  Many 
systems  have  very  predictable  points  in  time  where  the  usage  of  a*  network  changes.  These  systems  are 
Usually  characterized  by  shift  changes  where  the  manning  and  functions  preformed  change  from  shift  to 
shift.  We  propose  a  pro-active  optimization  approach  that  uses  predictable  indicators  like  season,  mission, 
and  other  foreseeable  periodic  events.  The  proposed  method  profiles  object  servers,  client  applications, 
user  inputs  and  network  resources.  These  profiles  determine  a  system  of  equations  that  is  solved  to  produce 
'  an  optimal  deployment  strategy  for  the  predicted  upcoming  usage  by  the  users  of  the  system  of  computers 
and  servers. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 

KEYWORDS:  Distributed  Object  Orientated  Architecture,  Distributed  Object  Servers 

QUALITY  OF  SERVICE  FOR  IP-BASED  NETWORKS 
Konstantinos  Sambanis-Lieutenant,  Hellenic  Navy 
B.S.,  Hellenic  Naval  Academy,  1989 
Master  of  Science  in  Computer  Science-March  2001 
Master  of  Science  in  Information  Technology  Management-March  2001 
Advisor:  Gilbert  M.  Lundy,  Department  of  Computer  Science 
Rex  A.  Buddenberg,  Information  Systems  Academic  Group 

In  recent  decades,  the  networking  community  has  been  looking  for  strategies  to  converge  over  a  single 
common  network  infrastructure  carrying  voice,  video  and  data.  The  pervasive  and  ubiquitous  packet-based 
IP  network  provides  the  most  convenient  platform  for  the  desirable  convergence,  where  resources  can  be 
managed  in  an  efficient  and  dynamic  manner. 

The  gradual  convergence  into  the  IP  infrastructure  introduces  multimedia-rich  and  interactive 
applications  that  are  bandwidth-intensive  and  delay-bound,  while  more  sophisticated  data  applications  are 
deployed  that  place  new  demands  onto  IP  networks.  The  IP-based  network  is  evolving  to  satisfy  the 
requirements  of  traffic  differentiation  and  reliable  service.  Quality  of  Service  (QoS)  mechanisms  are 
introduced  to  meet  the  traffic  expectations  and  enhance  the  basic  service  model  of  the  network  in  many 
subtle  ways. 
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This  thesis  provides  a  comprehensive  examination  of  QoS  mechanisms  and  protocols  that  have 
surfaced  to  optimize  the  utilization  of  network  resources,  to  provide  differentiated  treatment  of  traffic  and 
enforce  the  appropriate  policies.  The  study  proposes  a  balanced  approach  of  bandwidth  increase  and 
integration  of  robust  QoS  techniques  into  existing  IP  network  infrastructure  to  arrive  at  a  convergent, 
multiservice  and  scalable  telecommunications  network.  Findings  from  this  thesis  can  be  incorporated  into 
the  design  and  implementation  of  an  integrated  network  within  a  large  organization  that  will  deliver 
accurate  services  and  defined  level  of  performances. 


BoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software,  Command,  Control,  and 
Communications 


KEYWORDS:  Networking,  Convergence,  Quality  of  Service,  IP  Multiservice  Network,  Policy-based 
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A  PATTERN-MATCHING  APPROACH  FOR  AUTOMATED  SCENARIO-DRIVEN 
TESTING  OF  STRUCTURED  COMPUTATIONAL  POLICY 
Mehmet  Sezgin-First  Lieutenant,  Turkish  Army 
B.S.,  Turkish  Military  Academy,  1996 
Master  of  Science  in  Computer  Science-September  2001 
Advisors:  James  Bret  Michael,  Department  of  Computer  Science 
Richard  Riehle,  Department  of  Computer  Science 

Organizations  are  policy-driven  entities.  Policy  bases  can  be  very  large  and  complex;  these  factors  are  in 
the  dynamic  nature  of  policy  evolution.  The  mechanical  aspects  of  policy  modification  and  assurance  of  the 
consistency,  completeness,  and  correctness  of  a  policy  base  can  be  automated  to  some  degree.  Such 
support  is  known  as  computer  support  for  policy.  An  object-oriented  schema-based  approach  to  structure 
policy  was  developed.  The  structural  model  consists  of  Unified  Modeling  Language  class  and 
collaboration  diagrams.  The  structural  model  is  used  by  a  suite  of  testing  tools.  A  case  study  is  presented  to 
illustrate  the  approach  to  automated  testing  of  policy.  The  approach  to  test-case  generation  is  based  on  the 
use  of  patterns  within  policy  statements  and  relationships  between  policy  objects.  The  test  spectrum  has 
query-specific  tests  at  one  end,  and  the  generic  types  of  tests  at  the  other  end.  The  use  of  statistical 
inference  to  reuse  test  cases  is  introduced  by  determining  the  patterns  that  approximate  the  query-to-be- 
executed,  Query  mapping,  anytime  reasoning  and  fuzzy  logic  concepts  in  policies  and  their  applications  are 
discussed 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 
KEYWORDS:  Computer  Support  for  Policy 


SOFTWARE  ARCHECTURE  RECONSTRUCTION  METHODOLOGY 
IN  THE  CONTEXT  OF  PRODUCT  LINE 
Abdul  M,  Slddlqui-DoD  Civilian 
B.S.,  Illinois  Institute  of  Technology,  1991 
Master  of  Science  in  Software  Engineering-December  2000 
Advisor:  Valdis  Berzins,  Department  of  Computer  Science 
Second  Reader:  Man-Tak  Shing,  Department  of  Computer  Science 

Software  common  architecture  is  widely  believed  to  be  a  promising  product-line  approach  for  significantly 
improving  software  development  efforts,  quality  control  and  time-to-market  of  the  software  systems.  One 
of  the  key  efforts  to  meet  our  goal  of  software  reconstruction  of  architecture  in  the  US  Army  Bradley  A3 
BFIST  program  was  to  manage  and  trace  the  requirements  of  the  currently  existing  software  architecture 
and  the  new  requirements  developed  for  the  program.  Based  on  the  requirement  similarities  and  matching, 
software  components  can  be  identified  for  reuse.  This  effort  of  requirement  management  and  analysis  also 
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gave  a  clear  understanding  of  the  external  interface  the  software  components  have  and  the  message/data 
traffic  between  the  components  in  the  system. 

This  thesis  highlights  the  Software  Architecture  Reconstruction  Methodology  of  the  A3  BFIST 
program,  the  programmatic  challenges  involved,  efforts  of  the  Program  Managers  Office  to  minimize  the 
project  risks  regarding  the  requirements  management  for  software  reuse  and  the  lessons  learned  from  the 
effort.  The  A3  BFIST  Program  is  a  successful  project  regarding  software  common  architecture 
reconstruction.  Efforts  in  managing  requirements  to  identify  components  for  software  reuse  resulted  in: 
Reused  software  components:  80%;  Modified  software  components:  5%;  and  New  software  components: 
15  %.  The  program  reduced  the  risk  of  cost  and  scheduling  by  having  this  architecture  reconstruction 
process  in  place. 

DoD  KEY  TECHNOLOGY  AREAS:  Command,  Control  and  Communications,  Computing  and  Software 

KEYWORDS:  Software  Architecture  Reconstruction,  Software  Reuse  for  Product  Line,  Software 
Management,  Risk  Management,  Software  Process  Model 


ADVANCED  QUALITY  OF  SERVICE  MANAGEMENT  FOR  NEXT  GENERATION  INTERNET 
Paulo  R.  Silva-Lieutenant  Commander,  Portuguese  Navy 
B.S.,  Portuguese  Naval  Academy,  1988 
Master  of  Science  in  Computer  Science-September  2001 
Advisors:  Geoffrey  Xie,  Department  of  Computer  Science 
Second  Reader:  Bert  Lundy,  Department  of  Computer  Science 

Future  computer  networks,  including  the  Next  Generation  Internet  (NGI),  will  have  to  support  applications 
with  a  wide  range  of  service  requirements,  such  as  real-time  communication  services.  These  applications 
are  particularly  demanding  since  they  require  performance  guarantees  expressed  in  terms  of  delay,  delay 
jitter,  throughput  and  loss  rate  bounds.  In  order  to  provide  such  quality-of-service  (QoS)  guarantees,  the 
network  must  implement  a  resource  reservation  mechanism  for  reserving  resources  such  as  bandwidth  for 
individual  connections.  Additionally,  the  network  must  have  an  admission  control  mechanism,  for 
selectively  rejecting  some  QoS-sensitive  flow  requests  based  on  resource  availability  or  administrative 
policies. 

The  Server  and  Agent-based  Active  Network  Management  (SAAM)  is  a  network  management  system 
designed  to  meet  the  requirements  of  NGI.  In  SAAM,  emerging  services  models  like  Integrated  Services 
(IntServ)  and  Differentiated  Services  (DiffServ),  and  the  classical  best  effort  service  are  concurrently 
sharing  network  resources.  This  thesis  develops  and  demonstrates  in  SAAM  a  novel  resource  management 
concept  that  addresses  the  difficulties  posed  by  QoS  networks.  With  the  new  resource  reservation  and 
admission  control  approaches,  the  sharing  mechanism  is  dynamic  and  adapts  to  network  load.  It  ensures 
high  resource  utilization  while  meeting  QoS  requirements  of  network  users. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 

KEYWORDS:  Server*  and  Agent-based  Active  Network  Management,  SAAM,  Network  Management 
System 

ANALYSIS  OF  ROUGH  SURFACE  LIGHTING  BEHAVIORS  WITH  OPENGL 
Christopher  P.  Slattery-Lieutenant,  United  States  Navy 
B.S.,  United  States  Naval  Academy,  1994 

Master  of  Science  in  Modeling,  Virtual  Environments,  and  Simulation-September  2001 
Advisor:  Wolfgang  Baer,  Department  of  Computer  Science 
Second  Reader:  Samuel  E.  Buttrey,  Department  of  Operations  Research 

In  the  physical  world,  humans  gather  valuable  information  about  objects  through  their  sight.  Information  on 
shape,  feel  and  composition  are  seen  long  before  the  object  is  touched.  This  information  is  generated  by 
light  reflecting  off  the  surface  of  objects.  Despite  the  advancement  of  computer  graphics  due  to  increased 
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hardware  rendering  capacity,  the  fundamental  equations,  which  draw  three-dimensional  scenes,  lack  the 
ability  to  truly  model  realistic  objects.  Whether  it  is  smooth  like  highly  polished  metal  or  rough  like  the 
shag  of  a  carpet,  it  is  the  reflection  of  light  that  tells  humans  what  a  surface  feels  like.  The  attempt  taken  in 
this  thesis  to  implicitly  model  the  roughness  of  textured  surfaces  through  examination  of  an  explicit  model 
rendered  with  the  OpenGL  lighting  equation.  This  approach  has  the  potential  to  successfully  increase  the 
realism  of  computer  graphics  without  increasing  polygon  count  required  for  explicit  surface  generation. 
Through  simulation  of  an  explicitly  constructed  rough  surface  followed  by  the  analysis  of  the  behavior  of 
its  reflected  light,  the  initial  behaviors  of  textured  surface  reflections  are  identified.  While  these  behaviors 
are  not  enough  to  create  corrections  to  the  OpenGL  lighting  equation,  they  lay  the  foundation  for  further 
development. 

DoD  KEY  TECHNOLOGY  AREAS;  Computing  and  Software 
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WEB-BASED  TRAINING  FOR  THE  HELLENIC  NAVY 
Georgios  Stavritis-Lieutenant,  Hellenic  Navy 
B.S.,  Hellenic  Naval  Academy,  1992 
Master  of  Science  in  Computer  Science-September  2001 
Advisor;  Rudolph  Darken,  Department  of  Computer  Science 
Second  Reader;  LCDR  Chris  Eagle,  USN,  Department  of  Computer  Science 

The  Hellenic  Navy  is  looking  to  implement  new  ways  of  educating  its  personnel.  Continuous  training  is  a 
key  to  improve  the  performance  of  personnel.  Increased  operational  tasks  are  preventing  participation  of  a 
large  portion  of  active  military  personnel  in  traditional  classroom  seminars  and  courses.  Distance  learning 
is  a  solution,  which  eliminates  the  need  for  the  physical  presence  of  a  student  m  a  classroom.  New  means  of 
communication  such  as  computer  networks  can  deliver  a  large  amount  of  information  practically  to  any 
place  in  the  world.  Those  against  distance  learning  methods  claim  that  the  quality  of  distance  learning 
courses  is  not  equivalent  to  that  of  a  traditionally  taught  course.  In  our  work,  the  same  course  was  taught 
both  in  a  classroom  and  on  the  Web.  The  performance  of  the  students  in  the  classroom  was  compared  to 
those  taking  the  course  online.  Specific  design  principals  were  used  for  the  Web  site  in  order  to  achieve  the 
best  interface  to  deliver  the  course  material. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software,  Manpower,  Personnel  and  Training 
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PRINCIPLES  FOR  WEB-BASED  INSTRUCTION 
Erich  L  Stefanyshyn-Captain,  United  States  Marine  Corps 
B.A.,  St.  John's  University,  1990 
Master  of  Science  in  Computer  Science-September  2001 
Advisor;  Rudolph  Darken,  Department  of  Computer  Science 
Anthony  Ciavarelli,  School  of  Aviation  Safety 

This  thesis  presents  a  set  of  principles  for  web-based  instruction  based  on  literature  from  instructional 
design,  usability  engineering,  and  human-computer  interaction.  A  questionnaire  based  on  usability  and 
instructional  design  attempts  to  show  that  in  order  to  improve  web-based  instruction,  usability  and 
instructional  design  need  to  be  taken  into  consideration  when  constructing  long  distance  courses  via  the 
Web.  The  results  show  that  usability  and  instructional  design  are  dependent  upon  each  other  in  order  to 
present  an  effective  on-line  course  while  simultaneously  learning  from  it. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software,  Manpower,  Personnel  and  Training 
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REQUIREMENTS  FOR  THE  DEPLOYMENT  OF  PUBLIC  KEY  INFRASTRUCTURE  (PKI)  IN 

THE  USMC  TACTICAL  ENVIRONMENT 
Alan  R.  Stocks-Major,  United  States  Marine  Corps 
M.S.,  Troy  State  University,  1996 

Master  of  Science  in  Information  Technology  Management-June  2001 
Advisors:  Daniel  F.  Warren,  Department  of  Computer  Science 
Cynthia  E.  Irvine,  Department  of  Computer  Science 

Marine  forces  are  expeditionary  in  nature  yet  require  the  full  range  of  Public  Key  Infrastructure  (PKI) 
services  at  deployed  sites  with  limited  bandwidth  and  access  to  their  respective  Registration  Authority 
(RA).  The  development  of  a  PKI  solution  for  the  tactical  arena  is  a  fluid  and  complex  challenge  that  needs 
to  be  answered  in  order  to  ensure  the  best  support  of  tactically  deployed  forces.  Deployed  Marine  forces 
will  need  the  capability  to  issue  and  re-issue  certificates,  perform  certificate  revocation,  and  perform  key 
recovery  within  the  command  element  of  the  deployed  unit.  Since  the  current  United  States  Marine  Corps 
(USMC)  PKI  was  not  designed  with  the  tactical  environment  in  mind,  the  full  extent  of  PKI  deficiencies 
for  field  operation  is  unknown.  This  thesis  begins  by  describing  public  key  cryptography,  the 
implementation  and  objectives  of  a  USMC  PKI,  and  the  components  necessary  to  operate  a  PKI.  Next, 
tactical  issues  that  have  been  identified  as  areas  of  concern  along  with  their  proposed  solutions  are 
presented.  Supporting  material  describes  design  issues,  such  as  scalability  and  interoperability,  and 
technical  challenges,  such  as  certificate  revocation  lists  (CRL),  key  escrow  and  management  of  tokens 

DoD  KEY  TECHNOLOGY  AREA:  Other  (Public  Key  Management) 

KEYWORDS:  Public  Key  Infrastructure  (PKI),  Computer  Security,  Navy  Marine  Corps  Intranet  (NMCI) 


DYNAMIC  ASSEMBLY  FOR  SYSTEM  ADAPTABILITY,  DEPENDABILITY 
AND  ASSURANCE  (DASADA)  PROJECT  ANALYSIS 
Charles  A.  Stowell,  11-Lieutenant  Commander,  United  States  Naval  Reserve 

B.S.,  The  Citadel,  1985 
M.S.,  Central  Michigan  University,  1997 
Master  of  Science  in  Information  Technology  Management-June  2001 
,  and 

Wayne  S.  Mandak-Major,  United  States  Marine  Corps 
B.S.,  Allegheny  College,  1983 
Master  of  Science  in  Computer  Science-June  2001 
Advisors:  Luqi,  Department  of  Computer  Science 
Man-Tak  Shing,  Department  of  Computer  Science 
John  S.  Osmundson,  Command,  Control,  Communications,  Computers,  and 
Intelligence  Academic  Group 
Richard  Riehle,  Department  of  Computer  Science 

This  thesis  focuses  on  an  analysis  of  the  dynamic  behavior  of  software  designed  for  future  Department  of 
Defense  systems.  The  DoD  is  aware  that  as  software  becomes  more  complex,  it  will  become  extremely 
critical  to  have  the  ability  for  components  to  change  themselves  by  swapping  or  modifying  components, 
changing  interaction  protocols,  or  changing  its  topology.  The  Defense  Advanced  Research  Programs 
Agency  formed  the  Dynamic  Assembly  for  Systems  Adaptability,  Dependability,  and  Assurance 
(DASADA)  program  in  order  to  task  academia  and  industry  to  develop  dynamic  gauges  that  can  determine 
run-time  composition,  allow  for  the  continual  monitoring  of  software  for  adaptation,  and  ensure  that  all 
user  defined  properties  remain  stable  before  and  after  composition  and  deployment.  Through  the  study,  a 
review  of  all  the  DASADA  technologies  were  identified  as  well  as  a  thorough  analysis  of  all  19  project 
demonstrations. 

This  thesis  includes  a  template  built  using  the  object-oriented  methodologies  of  the  Unified  Modeling 
Language  (UML)  that  will  allow  for  functional  and  non-functional  decomposition  of  any  DASADA 
software  technology  project.  In  addition,  this  thesis  includes  insightful  conclusions  and  recommendations 
on  those  DASADA  projects  that  warrant  further  study  and  review. 
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WEB  DATABASE  DEVELOPMENT 
Nikolaos  A.  Tsardas-Captain,  Hellenic  Army 
B.S.,  Hellenic  Army  Academy,  1989 
Master  of  Science  in  Computer  Science-September  2001 
Advisor:  Thomas  Otani,  Department  of  Computer  Science 
Second  Reader:  LCDR  Chris  Eagle,  USN,  Department  of  Computer  Science 

This  thesis  explores  the  concept  of  Web  database  development  using  Active  Server  Pages  (ASP)  and  Java 
Server  Pages  (JSP).  These  are  among  the  leading  technologies  in  the  web  database  development.  The  focus 
of  this  thesis  was  to  analyze  and  compare  the  ASP  and  JSP  technologies,  exposing  their  capabilities, 
limitations,  and  differences  between  them.  Specifically,  issues  related  to  back-end  connectivity  using  Open 
Database  Connectivity  (ODBC)  and  Java  Database  Connectivity  (JDBC),  application  architecture, 
performance,  and  web  security  were  examined.  For  demonstration  purposes,  two  applications  were 
developed,  one  with  ASP  and  another  with  JSP.  The  user  interface  and  the  functionality  of  these  two 
applications  were  identical,  while  the  architecture,  performance,  and  back-end  connectivity  was  totally 
different. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 
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REALISTIC  TRAFFIC  GENERATION  CAPABILITY  FOR  SAAM  TESTBED 
Fatih  Turksoyu-Lieutenant  Junior  Grade,  Turkish  Navy 
B.S.,  Turkish  Naval  Academy,  1994 
Master  of  Science  in  Computer  Science-March  2001 
Advisor:  Geoffrey  G.  Xie,  Department  of  Computer  Science 
Second  Reader:  Gilbert  M.  Lundy,  Department  of  Computer  Science 

Traffic  modeling  is  an  important  component  of  the  design  of  any  communication  network.  This  is  even 
more  crucial  for  emerging  networks,  which  are  expected  to  operate  in  high  speed  and  high  bandwidth 
environments.  As  the  design  of  a  network  depends  to  a  great  extent  on  the  types  of  traffic  it  is  expected  to 
carry,  it  is  essential  to  characterize  the  traffic  that  a  network  is  expected  to  carry.  This  is  where  traffic 
models  are  very  important.  They  can  be  used  to  produce  artificial  traffic  input  that  exhibits  essential 
characteristics  of  real  network  loads. 

This  thesis  describes  a  design  and  implementation  of  a  general-purpose  traffic  generator  for  a  testbed 
of  the  Server  and  Agent  Based  Active  Network  Management  (SAAM)  architecture.  The  traffic  generator  is 
easy  to  use  and  implements  the  four  most  important  traffic  models  (Constant  Bit  Rate  (CBR),  Poisson, 
Packet-Train,  and  Self-Similar).  With  this  traffic  generator,  the  SAAM  project  now  has  the  capability  of 
simulating  and  testing  the  system  components  in  more  accurate  and  more  realistic  environments. 
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ANALYSIS  OF  INTEL  IA-64  PROCESSOR  SUPPORT  FOR  SECURE  SYSTEMS 
Bugra  Unalmis-Lieutenant  Junior  Grade,  Turkish  Navy 
B.S.,  Turkish  Naval  Academy,  1995 
Master  of  Science  in  Electrical  Engineering-March  2001 
Advisor:  Cynthia  Irvine,  Department  of  Computer  Science 
Second  Reader:  Frederick  W.  Terman,  Department  of  Electrical  and  Computer  Engineering 

Current  architectures  typically  focus  on  the  software-based  protection  mechanisms  rather  than  hardware  for 
providing  protection.  In  fact,  hardware  security  mechanisms  can  be  critical  for  the  construction  of  a  secure 
system.  If  hardware  security  mechanisms  are  properly  utilized  in  a  system,  security  policy  enforcement  can 
be  simplified.  Systems  could  be  constructed  for  which  serious  security  threats  would  be  eliminated. 

This  thesis  explores  the  Intel  IA-64  processor's  hardware  support  and  its  relationship  to  software  for 
building  a  secure  system.  To  analyze  the  support  provided  by  the  architecture,,  hardware  protection 
mechanisms  were  examined.  This  analysis  focused  on  the  following  mechanisms:  privilege  levels,  access 
rights,  region  identifiers  and  protection  key  registers.  Since  protection  checks  are  made  through  the 
translation  lookaside  buffer  (TLB)  during  the  virtual-to-physical  translations,  the  TLB  structure  was  an  area 
of  focus  throughout  the  research  for  this  thesis.  , 

Proper  use  of  the  TLB-based  hardware  protection  features  permits  protection  in  the  IA-64  architecture. 
It  enables  the  processor  hardware  and  the  operating  system  to  collaborate  to  enforce  security  policies 
efficiently. 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software 
KEYWORDS:  Protection,  Intel  IA-64  architecture.  Secure  Systems 

THE  EFFECTS  OF  NATURAL  LOCOMOTION  ON  MANEUVERING  TASK  PERFORMANCE 

IN  VIRTUAL  AND  REAL  ENVIRONMENTS 
Eray  Unguder-First  Lieutenant,  Turkish  Army 
B.S.,  Turkish  Army  Academy,  1996 

Master  of  Science  in  Modeling,  Virtual  Environments,  and  Simulation-September  2001 
Advisors:  Rudy  Darken,  Department  of  Computer  Science 
Barry  Peterson,  Department  of  Computer  Science 

This  thesis  investigates  human  performance  differences  on  maneuvering  tasks  in  virtual  and  real  spaces 
when  a  natural  locomotion  technique  is  used  as  opposed  to  an  abstraction  through  a  device  such  as  a 
treadmill.  The  motivation  for  the  development  of  locomotion  devices  thus  far  has  been  driven  by  the 
assumption  that  a  "perfect"  device  will  result  in  human  performance  levels  comparable  to  the  real  world. 
This  thesis  challenges  this  assumption  under  the  hypothesis  that  other  factors  beyond  the  locomotion  device 
contribute  to  performance  degradation.  An  experiment  was  conducted  to  study  the  effects  of  these  other 
factors. 

The  experiment  studied  sidestepping,  kneeling,  looking  around  a  comer,  and  backward  movement 
tasks  related  to  a  building  clearing  exercise.  The  participants  physically  walked  through  the  environment 
under  all  conditions.  There  were  three  treatments:  real  world  (no  display,  physical  objects  present),  virtual 
world  (head-mounted  display,  no  physical  objects),  and  real  and  virtual  world  combined  (head-mounted 
display,  physical  objects  present). 

The  results  suggest  that  performance  and  behavior  are  not  the  same  across  conditions  with  the  real 
world  condition  being  uniformly  better  than  the  virtual  conditions.  This  evidence  supports  the  claim  that 
even  with  identical  locomotion  techniques,  performance  and  behaviors  change  from  the  real  to  the  virtual 
world. 

DoD  KEY  TECHNOLOGY  AREAS:  Modeling  and  Simulation,  Human  Systems  Interface 
KEYWORDS:  Virtual  Environments,  Locomotion  Devices 
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EVALUATION  OF  SURVEILLANCE  RECONNAISSANCE  MANAGEMENT  TOOL  AND 
UTILITY/FUNCTIONALITY  TO  FUTURE  SURFACE  COMBATANTS 
Charlos  D.  Washington-Lieutenant,  United  States  Navy 
B.S.,  United  States  Naval  Academy,  1994 
Master  of  Science  in  Space  Systems  Operations-September  2001 
Advisors:  Dan  Boger,  Department  of  Information  Sciences 
Alan  Ross,  Navy  Tactical  Exploitation  of  National  Capabilities  Chair 
Second  Reader:  Don  McGregor,  Department  of  Computer  Science 

This  abstract  is  classified. 

DoD  KEY  TECHNOLOGY  AREAS:  Command,  Control  and  Communications 
KEYWORDS:  Not  Available 


IMPLEMENTATION  OF  A  MULTI-AGENT  SIMULATION  FOR  THE  NPSNET-V  VIRTUAL 

ENVIRONMENT  RESEARCH  PROJECT 
David  B.  Washington-Major,  United  States  Army 
B.S.,  Tulane  University,  1990 
Master  of  Science  in  Computer  Seience-September  2001 
Advisor:  Michael  Capps,  Department  of  Computer  Science 
Second  Reader:  Don  McGregor,  Department  of  Computer  Science 

Traditional  networked  military  simulation  systems  are  technologically  frozen  the  moment  they  are 
completed,  thus  limiting  the  participants  that  can  interact  in  the  simulation.  When  training  for  urgent 
missions  in  emerging  conflict  areas,  assimilating  new  models,  threat  behaviors,  and  hew  terrain 
environments  into  the  simulators  requires  lengthy ,  integration,  is  prohibitively  costly,  and  is  non- 
distributable  electronically  at  runtime.  Threat  behaviors  are  pre-scripted,  lack  organization,  and  do  not 
accurately  portray  doctrine  or  rules-of-engagement.  • 

NPSNET-V  is  a  novel  architecture  for  networked  simulations  that  supports  scalable  virtual  worlds  with 
built-in  dynamic  entity  loading.  These  advances  address  each  of  the  above  concerns:  scalability,  entity  and 
environment  distribution,  and  dynamic  technology  loading.  By  combining  this  architecture  with  a  system 
for  creating  autonomous,  adaptable  agents,  threat  forces  can  be  accurately  simulated.  This  architecture  is 
useful  for  proposing  designs  for  strategies,  tactics,  or  force  packages  during  the  conduct  of  experiments. 

The  result  of  this  thesis  is  a  proof-of-concept  application  demonstrating  the  utility  of  these  architectural 
advances.  In  this  application,  numerous  autonomous  agents  form  complex,  dynamic,  and  adaptable 
mteractions  with  resident  and  remote  heterogeneous  entities.  These  results  define  the  course  for  future 
military  models  and  simulations. 

DoD  KEY  TECHNOLOGY  AREAS:  Modeling  and  Simulation 
KEYWORDS:  NPSNET-V ,  Autonomous  Adaptable  Agents,  Virtual  Environments 


DYNAMIC  SCALABLE  NETWORK  AREA  OF  INTEREST 
MANAGEMENT  FOR  VIRTUAL  WORLDS 
Michael  S.  Wathen-Lieutenant,  United  States  Navy 
B.S.,  University  of  Oklahoma,  1992 

Master  of  Science  in  Modeling,  Virtual  Environments,  and  Simulation-September  2001 
Advisor:  Michael  Capps,  Department  of  Computer  Science 
Second  Reader:  Don  McGregor,  Department  of  Computer  Science 

A  major  performance  challenge  in  developmg  a  massively  multi-user  virtual  world  is  network  scalability. 
'  This  is  because  the  network  over  which  entities  communicate  can  quickly  develop  into  a  bottleneck.  Three 
critical  factors:  bandwidth  usage,  packets  per  second,  and  network-related  CPU  usage,  should  be  governed 
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by  the  number  of  entities  a  given  user  is  interested  in,  not  the  total  number  of  entities  in  the  world.  The 
challenge  then  is  to  allow  a  virtual  world  to  scale  to  any  size  without  an  appreciable  drop  in  system 
performance. 

To  address  these  concerns,  this  thesis  describes  a  novel  Area  of  Interest  Manager  (AOIM)  built  atop 
the  NPSNET-V  virtual  environment  system.  It  is  a  dynamically  sized,  geographical  region  based,  sender- 
side  interest  manager  that  supports  dynamic  entity  discovery  and  peer-to-peer  entity  communication.  The 
AOIM  also  makes  use  of  tools  provided  by  the  NPSNET-V  system,  such  as  variable  resolution  protocols 
and  variable  data  transmission  rate. 

Performance  tests  have  shown  conclusively  that  these  interest  management  techniques  are  able  to 
produce  dramatic  savings  in  network  bandwidth  usage  in  a  peer-to-peer  virtual  environment.  In  one  test, 
this  AOIM  produced  a  92%  drop  in  network  traffic,  with  a  simultaneous  500%  increase  in  world 
population. 

DoD  KEY  TECHNOLOGY  AREAS:  Modeling  and  Simulation,  Computing  and  Software 
KEYWORDS:  Multi-User  Virtual  World,  Area  of  Interest  Manager,  AOIM 


HUMAN  FACTORS  IN  COAST  GUARD  COMPUTER  SECURITY  -  AN  ANALYSIS 
OF  CURRENT  AWARENESS  AND  POTENTIAL  TECHNIQUES 
TO  IMPROVE  SECURITY  PROGRAM  VIABILITY 
,  Timothy  J.  Whalen-Lieutenant,  U.S.  Coast  Guard 

B.S.,  United  States  Merchant  Marine  Academy,  1990 
Master  of  Science  in  Information  Technology  Management-June  2001 
Advisors:  Cynthia  Irvine,  Department  of  Computer  Science 
Douglas  E.  Brinkley,  Graduate  School  of  Business  and  Public  Policy 

The  Coast  Guard  is  becoming  increasingly  reliant  upon  our  nation's  information  infrastructure.  As  such, 
our  ability  to  ensure  the  security  of  those  systems  is  also  increasing  in  import.  Traditional  information 
security  measures  tend  to  be  system-oriented  and  often  fail  to  address  the  human  element  that  is  critical  to 
system  success.  In  order  to  ensure  information  system  security,  both  system  and  human  factors 
requirements  must  be  addressed. 

This  thesis  attempts  to  identify  both  the  susceptibility  of  Coast  Guard  information  systems  to  human 
.factors-based  security  risks  and  possible  means  for  increasing  user  awareness  of  those  risks.  This  research 
is  meant  to  aid  the  Coast  Guard  in  continuing  to  capitalize  on  emerging  technologies  while  simultaneously 
providing  a  secure  information  systems  environment. 

DoD  KEY  TECHNOLOGY  AREA:  Command,  Control  and  Communication,  Computing  and  Software, 
Human  Systems  Interface 

KEYWORDS:  Computer  Security,  Human  Factors,  Human  Computer  Interaction,  Coast  Guard,  Trust, 
INFOSEC 


CONCEPTS,  APPLICATIONS  AND  ANALYSIS  OF  A 
SUBMARINE  BASED  WIRELESS  NETWORK 
William  G.  Wilkins  Jr.-Lieutenant,  United  States  Navy 
B.S.,  Auburn  University,  1994 
Master  of  Science  in  Computer  Science-June  2001 
Advisor:  Xiaoping  Yun,  Department  of  Electrical  and  Computer  Engineering 
Second  Reader:  C.  Thomas  Wu,  Department  of  Computer  Science 

As  information  technology  tools  continue  to  improve,  we  must  take  advantage  of  this  wave  by  developing 
wise  solutions  to  help  automate  many  daily  tasks  presented  onboard  submarines.  Java  based  applications 
and  Commercial-off-the-shelf  (COTS)  technology  provides  us  low  cost  solutions  that  increase  the 
availability  and  mobility  of  the  information  we  seek.  Small  pen  based  computers  and  wireless  LANS  allow 
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us  to  create  dynamic  and  distributable  applications  that  can  route  paperwork  or  fight  casualties.  It  is 
imperative  we  take  full  advantage  of  these  technologies  in  the  design  of  our  new  submarines  as  well  as  in 
retrofit  of  our  older  ones. 

This  thesis  attempts  to  solve  a  key  task,  Damage  Control  (DC)  communications,  by  designing  a’ Java 
based  application  known  as  SWIPNet  (Submarine  Wireless  Prototyped  Network).  This  virtual  grease 
board  application  uses  multicast  sockets  to  send  standard  DC  and  crew  reports  to  all  wireless  handhelds 
that  participate  in  a  casualty,  A  proposed  Virginia  class  wireless  network,  known  as  the  Non  Tactical  Data 
Processing  System  (NTDPS),  was  then  analyzed  to  determine  network  efficiency  in  the  presence  of 
SWIPNet  and  14  other  submarine  type  network  loads.  Demonstrations  have  proven  that  SWIPNet  provides 
a  more  efficient  way  to  communicate  and  can  function  effectively  on  the  NTDPS. 

DoD  KEY  TECHNOLOGY  AREAS:  Surface/Under  Surface  Vehicles  -  Ships  and  Watercraft, 
Computing  and  Software,  Command,  Control  and  Communications 

KEYWORDS:  Wireless  Local  Area  Network,  Mobile  Computing,  Java,  Per^-Based  Computing,  Pdas, 
Handheld  Computers,  Database,  OPNET  Modeler,  Microsoft  Access,  Damage  Control,  Multicast  Sockets, 
Wireless  Communications 


AN  APPLICATION  OF  ROLE-BASED  ACCESS  CONTROL  IN  AN  ORGANIZATIONAL 
SOFTWARE  PROCESS  KNOWLEDGE  BASE 
William  A.  Windhurst-DoD  Civilian 
B.S.,  Coleman  College,  1982 
Master  of  Science  in  Software  Engineering-June  2001 
Advisors:  James  Bret  Michael,  Department  of  Computer  Science 
John  Osmundson,  Department  of  Command,  Control,  Communications,  Computers,  and 

Intelligence  Academic  Group 

The  Organizational  Software  Process  Knowledge  Base  (OSPKB)  is  the  repository  of  an  organization's 
software  process,  product  performance,  quality  metrics,  and  corporate  lessons  learned.  The  knowledge  is 
maintained  on  a  project-by-project  basis,  as  well  as  by  business  domain.  The  OSPKB  contains  sensitive 
data  and  information  that  needs  to  be  protected  from  unauthorized  disclosure  or  modification.  In  this 
thesis,  we  address  the  challenge  of  controlling  access  to  the  data  and  information  stored  in  the  OSPKB.  In 
particular,  we  investigate  approaches  to  applying  role-based  access  control  (RBAC)  to  OSPKB 
applications. 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software 

KEYWORDS:  Project  Management,  Software  Process  Management,  Role-Based  Access  Control,  Security 


FAULT  TOLERANCE  IN  THE  SERVER  AND  AGENT  BASED  NETWORK 
MANAGEMENT  (SAAM)  SYSTEM 
Troy  Wright-Captain,  United  States  Marine  Corps 
B.  A,,  University  of  Utah,  1992 
Master  of  Science  In  Computer  Science-September  2001 
Advisor:  Geoffrey  Xie,  Department  of  Computer  Science 
Second  Reader:  Bert  Lundy,  Department  of  Computer  Science 

Interconnected  networks  of  computers  are  becoming  increasingly  important.  It  is  the  Internet  that  has 
spurred  the  most  recent  growth  in  global  computer  networks.  The  limitations  of  the  Internet  can  be  blamed 
on  many  factors  but  when  determining  solutions  to  these  shortcomings  the  focus  has  been  on  replacing  the 
current  Internet  Protocol  version  4  (IPv4)  with  the  new  Internet  Protocol  version  6  (IPv6).  Much  work  has 
been  done  and  much  more  work  remains  to  be  done  in  transitioning  to  and  reaping  the  benefits  of  this 
"Next  Generation  Internet."  The  Server  and  Agent  Based  Active  Network  Management  (SAAM)  project  is 
one  of  many'  "Next  Generation  Internet"  projects  that  intend  to  implement  and  exploit  the  enhanced 
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capabilities  of  IPv6  to  overcome  the  limitations  of  the  current  Internet.  The  focus  of  the  SAAM  project  is 
guaranteed  quality  of  service  (QoS).  This  thesis  addresses  fault  tolerance  in  a  SAAM  region  with  regards  to 
router  and  link  failures.  A  hybrid  link  restoration  (rerouting)  scheme  is  proposed,  in  which  central 
knowledge  (at  the  SAAM  server)  of  the  network  topology  is  used  to  develop  alternate  paths  while  path 
switching  is  done  at  a  local  (router)  level. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 

KEYWORDS:  Server  Agent  Based  Network  Management  System,  SAAM,  Interconnected  Networks, 
Router  and  Link  Failures 


INTEGRATED  DEVELOPMENT  ENVIRONMENT  (IDE)  FOR  THE  CONSTRUCTION  OF  A 
FEDERATION  INTEROPERABILITY  OBJECT  MODEL  (FIOM) 

Paul  E.  Y6ung-Captaln,  United  States  Navy 
M.S.,  University  of  Mississippi,  1985 
Master  of  Science  in  Software  Engineering-September  2001 

and 

Brent  P.  Christie  -  Major,  United  States  Marine  Corps 
B.S.,  State  University  of  New  York  College  at  Buffalo,  1990 
Master  of  Science  in  Computer  Science-September  2001 
Advisors:  Valdis  Berzins,  Department  of  Computer  Science 
Luqi,  Department  of  Computer  Science 

Advances  in  computer  communications  technology,  the  recognition  of  common  areas  of  functionality  in 
related  systems,  and  an  increased  awareness  of  how  enhanced  information  access  can  lead  to  improved 
capability,  are  driving  an  interest  toward  integration  of  current  stand-alone  systems  to  meet  future  system 
requirements.  However,  differences  in  hardware  platforms,  software  architectures,  operating  systems,  host 
languages,  and  data  representation  have  resulted  in  scores  of  stand-alone  systems  that  are  unable  to 
interoperate  properly. 

Young's  Object  Oriented  Model  for  Interoperability  (OOMI)  defines  an  architecture  and  suite  of 
software  tools  for  resolving  data  representational  differences  between  systems  in  order  to  achieve  the 
desired  system  interoperability.  The  Federation  Interoperability  Object  Model  (FIOM)  Integrated 
Development  Environment  (IDE)  detailed  in  this  thesis  is  a  toolset  that  provides  computer  aid  to  the  task  of 
creating  and  managing  an  interoperable  federation  of  systems. 

This  thesis  describes  the  vision  and  requirements  for  this  tool  along  with  an  initial  prototype 
demonstrating  how  emerging  technologies  such  as  XML  and  Data  Binding  are  utilized  to  capture  the 
necessary  information  required  to  resolve  data  representational  differences  between  systems.  The  material 
presented  in  this  thesis  has  the  potential  to  significantly  reduce  the  cost  and  effort  required  for  achieving 
interoperability  between  DoD  systems. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 

KEYWORDS:  Object  Orientated  Model  for  Interoperability,  OOMI,  Federation  Interoperability  Object 
Model  Integrated  Development  Environment,  FIOM  IDE 
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NETWORK  DEFENSE-IN-DEPTH:  EVALUATING  HOST-BASED 
INTRUSION  DETECTION  SYSTEMS 
Ronald  E.  Yun-Lieutenant,  United  States  Navy 
B.S.,  Strayer  College,  1995 
Master  of  Science  in  Systems  Technology-June  2001 
and 

Steven  A.  Vozzola-Lieutenant,  United  States  Navy 
B.S.,  Jacksonville  University,  1993 
Master  of  Science  in  Systems  Technology-June  2001 
Advisor:  Richard  Harkins,  Department  of  Physics 
Second  Reader:  Daniel  Warren,  Department  of  Computer  Science 

As  networks  grow,  their  vulnerability  to  attack  increases.  DoD  networks  represent  a  rich  target  for  a 
variety  of  attackers.  The  number  and  sophistication  of  attacks  continue  to  increase  as  more  vulnerabilities 
and  the  tools  to  exploit  them  become  available  over  the  Internet.  The  challenge  for  system  administrators 
is  to  secure  systems  against  penetration  and  exploitation  while  maintaining  connectivity  and  monitoring 
and  reporting  intrusion  attempts. 

Traditional  intrusion  detection  (ID)  systems  can  take  either  a  network  or  a  host-based  approach  to 
preventing  attacks.  Many  networks  employ  network-based  ID  systems.  A  more  secure  network  will 
employ  both  techniques.  This  thesis  will  analyze  the  benefits  of  installing  host-based  ID  systems, 
especially  on  the  critical  servers  (mail,  web,  DNS)  that  lie  outside  the  protection  of  the  network  ID 
system/Firewall.  These  servers  require  a  layer  of  protection  to  ensure  the  security  of  the  entire  network  and 
reduce  the  risk  or  attack.. 

Three  host-based  ID  systems  will  be  tested  and  evaluated  to  demonstrate  their  benefits  on  Windows 
2000  Server.  The  proposed  added  security  of  host-based  ID  systems  will  establish  defense-in-depth  and 
work  in  conjunction  with  the  network-based  ID  system  to  provide  a  complete  security  umbrella  for  the 
entire  network.  _  • 

DoD  KEY  TECHNOLOGY  AREA:  Computing  and  Software 

KEYWORDS:  Network  Security,  System  Security,  Intrusion  Detection,  Intrusion  Detection  System, 
Defense-in-depth 


A  TRAINING  FRAMEWORK  FOR  THE  DEPARTMENT  OF  DEFENSE  PUBLIC  KEY 

INFRASTRUCTURE 

Marcia  L.  Ziemba-Lieutenant,  United  States  Navy 
B.S.,  Marquette  University,  1993 
M.GA,  University  of  Maryland  University  College,  1996 
Master  of  Science  in  Information  Technology  Management-September  2001 
Advisors:  Cynthia  E.  Irvine,  Department  of  Computer  Science 
Daniel  F,  Warren,  Department  of  Computer  Science 

Increased  use  of  the  Internet  and  the  growth  of  electronic  commerce  within  the  Department  of  Defense 
(DoD)  has  led  to  the  development  and  implementation  of  the  DoD  Public  Key  Infrastructure  (PKI).  Any 
PKI  can  only  serve  its  intended  purpose  if  there  is  trust  within  the  system.  This  thesis  reviews  the  basics  of 
public  (or  asymmetric)  key  cryptography  and  its  counterpart,  symmetric  key  cryptography.  It  outlines  the 
DoD's  PKI  implementation  plan  and  the  user  roles  identified  within  the  infrastructure.  Because  a  PKI  relies 
entirely  on  trust,  training  for  all  users  of  a  PKI  is  essential.  The  current  approach  to  PKI  training  within  the 
DoD  will  not  provide  all  of  its  users  with  the  required  level  of  understanding  of  the  system  as  a  whole,  or  of 
the  implications  and  ramifications  that  their  individual  actions  may  have  upon  the  system.  The 
decentralized,  segmented,  and  inconsistent  approach  to  PKI  training  will  result  in  a  lack  of  trust  within  the 
PKI.  Training  for  the  DoD  PKI  must  be  consistent,  current,  appropriate,  and  available  to  all  users  at  any 
time.  The  author  proposes  a  web-based  training  framework  for  the  DoD  PKI.  The  basic  requirements  and 
design  of  the  framework  are  presented,  and  a  prototype  is  developed  for  further  testing  and  evaluation. 
Without  the  proper  attention  to  training,  the  DoD  PKI  will  be  at  risk,  and  may  not  perform  its  intended 
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functions  of  providing  the  required  authenticity  and  integrity  across  the  various  networks  upon  which  DoD 
conducts  business. 

DoD  KEY  TECHNOLOGY  AREAS:  Computing  and  Software 
KEYWORDS:  Internet,  Electronic  Commerce,  Public  Key  Infrastructure,  PKI 
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